A new Android malware was found to embody that Google Chrome App and has already infected hundreds of thousands of devices, according to researchers at cybersecurity company Pradeo. The researchers have classified the threat as a “Smishing Trojan”.
According to the researchers, the fake Google chrome App is part of a mobile attack campaign that uses phishing to steal your credit card information by installing the fake app and your device also becomes part of the attack campaign. “The malware uses victims’ devices as vectors to send thousands of phishing SMS messages. We evaluate that the speed at which it is spreading has enabled it to reach hundreds of thousands of people over the past few weeks. “Said the researchers in their” Security Warning “post on their website.
Like the fake Chrome app comes in your cellphone
The victim receives a text message asking them to pay customs duties for the release of a package delivery. When opening the link, they will be asked to update their Chrome app Trojans Impersonation as a Google Chrome app. Then they have to pay a small amount, no more than a dollar or two, with their credit card. The credit card details at the other end are hacked by a cybercriminal with whom they can commit bank fraud.
How your phone becomes a super malware spreader
It doesn’t stop there. Once installed on the victim’s phone, the fake Chrome app “sends more than 2000 text messages per week from the victim’s devices, every day for 2 or 3 hours, to random phone numbers that appear to be consecutive”. This is how the mobile attack campaign is orchestrated. The researchers say the fake app has the icon and name of the official Chrome app, “but the package, signature, and version have nothing in common with the official app.” To make matters worse, even if “most antivirus programs” can flag the malicious application, the fake Chrome app could be “repackaged with a new signature” to defeat the phone’s defenses. So far, researchers have found two such fake Chrome apps.
What can you do to prevent yourself
The researchers have advised mobile users never to give their credit card details if an unknown sender asks for them. They have also asked phone users to download and update all of their apps from the official Google Play Store and Apple App Store only.