Android users are alerted about a virus impersonating a Chrome app; Stealing bank details

Android users are alerted about a virus impersonating a Chrome app; Stealing bank details

Researchers have uncovered a sophisticated malware campaign designed to steal bank card data

Pradeo experts have warned of new Android malware being portrayed by cybercriminals as Google Chrome apps. The fake app is part of a sophisticated hybrid malware campaign in which cybercriminals also use phishing to steal credentials from victims. Fake Google Chrome has been installed on hundreds of thousands of Android devices over the past few weeks, experts say.

As the researchers explained, the attack begins with the so-called smishing (from “SMS” and “phishing”) – the victim receives an SMS message with a request to pay customs duty for the delivery of the parcel. If the user fell for the bait and clicked on the link provided in the message, a notification appears about the need to update Google Chrome. After accepting the offer to update the browser, the user is redirected to the site with the application, which is actually malicious.

When the “update” is installed, the victim is taken to a phishing page that completes the social engineering scheme. The user is asked to pay a small amount (usually $ 1-2), but, of course, the attackers are not interested in this small earnings, but in the victim’s bank card details.

According to experts, common but highly intelligent cybercriminals are behind the malicious campaign. The techniques they use (hiding code, smishing, stealing data, re-archiving, etc.) are individually very simple, but collectively allow for an operation that is difficult to detect and that is fast and efficient.

The source of malware distribution is a fake Google Chrome application. Once installed on the victim’s device, it sends out over 2,000 SMS messages a week. Messages are sent daily for 2-3 hours in the background. Phone numbers are randomly selected and not taken from the victim’s phone book.

Catch up on more stories here

Follow us on Facebook here

Leave a Reply