

  • ExTS Admin
Posted

Infostealing malware discovered by Zscaler terminates any installed anti-virus software to steal personal data - and the only way to get rid of it is to completely reset the phone


http://img.photobucket.com/albums/v708/starbuck50/android-chrome-600_zpsl8vuzpuu.jpg


A banking and personal information stealing mobile malware posing as a Google Chrome update for Android, and which can't be removed from the infected device, has been spotted in the wild by cybersecurity researchers.


The infostealer malware - discovered by the Zscaler ThreatLabZ research team - is capable of harvesting banking information, call logs, SMS data and browser history which are all sent to a remote command-and-control server.


Rather than being served by one URL, the malware squats on multiple domains which are similar to existing Google updates.

Each URL is only active for a short amount of time, with the addresses serving the malware regularly updated and replaced in order to ensure it avoids detection.


Users who download the fake Android application package - titled "Update_chrome.apk" - are prompted to allow the malware to gain administrative access to their phone and in doing so, unwittingly infect their device.


According to Deepen Desai, Director of Security Research at Zscaler, users are often tricked into installing the malware because the fake Chrome update tells them they've been compromised by a non-existent virus.


"The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.

One common theme we have seen in recent malicious Android application packages involves scareware tactics, where the user will see a popup indicating that their device is infected with a virus and asking them to update to clean up the infection," he told ZDNet.


Once installed, the malware checks for installed security applications which are supposed to provide protection and prevents them from working correctly.

In their report on the malware, Zscaler researchers write that antivirus applications like Kaspersky, ESET, Avast and Dr. Web can all be terminated by the infostealer.


With the malware now free to do as it pleases on the infected devices, text messages and call logs are monitored, with all outgoing, received and missed communications logged and sent to a command-and-control server.


Not only that, but the malware is capable of creating an authentic looking fake payment page - to take all major credit cards - in the Google Play store.


If payment information is entered, the malware takes a screenshot and sends it to a Russian phone number.

Once installed on a device, the infostealer can't be removed because the malware refuses to allow the user to remove administrative access. The only way to remove the infection is to return the device to factory settings - an option which causes all data stored on the phone to be lost.


Source:

http://www.zdnet.com/article/irremovable-bank-detail-stealing-android-malware-poses-as-google-chrome-update/#ftag=RSSbaffb68

Member of:

UNITE
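Added example, not part of the post above and not code from Zscaler or ZDNet: a small static triage script for the kind of APK the article describes (a "Chrome update" that asks for device administrator rights, then harvests SMS and call logs and kills other apps). It assumes the APK's AndroidManifest.xml has already been decoded to plain XML (for instance with apktool); the two manifests embedded below are constructed for the example, and the package and class names in them are invented. The script flags the combination that matters here: a DeviceAdminReceiver plus SMS/call-log permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that map onto the capabilities described in the article.
SUSPECT_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays (fake payment page)",
    "android.permission.KILL_BACKGROUND_PROCESSES": "terminate other apps (e.g. AV)",
    "android.permission.INTERNET": "reach a command-and-control server",
}
STEALER_PERMS = {"android.permission.RECEIVE_SMS",
                 "android.permission.READ_SMS",
                 "android.permission.READ_CALL_LOG"}


def attr(el, name):
    """Read an android:-namespaced attribute from a decoded manifest element."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(manifest_xml):
    """Return a findings dict for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = {
        "package": root.get("package"),
        "permissions": {},
        "device_admin_receivers": [],
        "sms_receivers": [],
    }
    for p in root.iter("uses-permission"):
        name = attr(p, "name")
        if name in SUSPECT_PERMISSIONS:
            findings["permissions"][name] = SUSPECT_PERMISSIONS[name]
    for r in root.iter("receiver"):
        actions = {attr(a, "name") for a in r.iter("action")}
        # A device-admin receiver is protected by BIND_DEVICE_ADMIN and
        # listens for DEVICE_ADMIN_ENABLED; either marker is enough to flag it.
        if (attr(r, "permission") == "android.permission.BIND_DEVICE_ADMIN"
                or "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings["device_admin_receivers"].append(attr(r, "name"))
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            findings["sms_receivers"].append(attr(r, "name"))

    has_admin = bool(findings["device_admin_receivers"])
    steals = bool(STEALER_PERMS & set(findings["permissions"]))
    other = set(findings["permissions"]) - {"android.permission.INTERNET"}
    if has_admin and steals:
        findings["risk"] = "high"      # admin lock-in plus data theft
    elif has_admin or other:
        findings["risk"] = "medium"
    else:
        findings["risk"] = "low"
    return findings


# Constructed manifest modelled on the behaviour in the article (names invented).
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Chrome Update">
    <receiver android:name="com.example.fakeupdate.AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.fakeupdate.SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign manifest for contrast.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for m in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        f = triage_manifest(m)
        print(f["package"], f["risk"], sorted(f["permissions"]), f["device_admin_receivers"])
```

The heuristic is deliberately narrow: a legitimate browser update never needs a device-admin receiver, and an "update" that also asks for SMS and call-log access is the pattern the article describes, so that combination is what scores "high". A real triage would also compare the package name against the genuine app (com.android.chrome) and inspect the DEX code, which this script does not attempt.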


Posted
Thanks for info.

Bob

(bob12a)

My 3D pictures need red cyan glasses to view

medion MD8855,Win 7 IE8, Firefox/3, Avast,MS security essentials, NERO 9,malware bytes.Mailwasher pro ,6.54,Roboform,spybot S&D 1.6, Canon ixus 860 X 2,PS CS5
