Nasty Google Chrome scam targets Android users – DON'T click on this update

Android smartphone users should be on high alert for another scam that is circulating around the globe. This nasty new security threat attempts to trick users into downloading malware via a fake Chrome update. With this web browser still the most popular on the planet it seems cyber thieves are using Chrome’s mass appeal in an attempt to fool as many people as possible.

According to the mobile security team at Pradeo, the attack arrives on devices via a fake text message which suggests users need to pay a customs fee to release a parcel with their name on it. A link is included in the text and, once clicked, it then suggests that their version of Chrome needs updating before the transaction can take place.

Anyone agreeing to the update is actually downloading malware that can monitor the device and steal information including bank details and credit card numbers.

To stay undetected, the malware hides on mobile devices by using the official Chrome app’s icon and name, but its package, signature and version have nothing in common with the official app.

Worst still, the malware then sets about sending messages to other phones from the infected device. This mechanism ensures a successful propagation of the attack campaign.

READ MORE: Amazon upgrades its Echo with new features, better sound and a hidden security camera

“The cybercriminal behind this campaign is trying hard to stay under the radar of mobile security solutions. said Pradeo’s Roxane Suau.

“First, the use the victims’ phone numbers to expedite phishing SMS, to make sure they are not blocked by messaging apps’ spam filter.

READ  Extremely rare two-headed viper shocks locals in India

“Secondly, the malware uses obfuscation techniques and calls external code to hide its malicious behaviors, hence eluding most threat detection systems.

“Thirdly, as soon as the app is identified and referenced by most antivirus, the cybercriminal simply repackages it with a new signature to go back under the radar.”

Sadly, this type of attack appears to be growing with a number of similar threats announced in recent weeks.

In fact, if you have a UK mobile number, chances are, you’ve received a number of fraudulent text messages about deliveries from couriers like DHL, Hermes, Post Office, and more in recent weeks. The widespread threat is so serious that all of the major UK networks, including EE, Vodafone and Three, have sent out alerts to customers urging them not to be fooled by the scam.

It’s worth noting that this attack only works on Android as Apple doesn’t allow any external files to be downloaded and installed.



Please enter your comment!
Please enter your name here