Source: Android infostealer posing as a fake Google Chrome update
Our research team has recently seen a large amount of activity in our cloud related to an Android infostealer disguised as a Google Chrome update. This malware is capable of harvesting call logs, SMS data, browser history and banking information and is sending it to a remote command and control (C&C) server. This malware is also capable of checking the installed antivirus applications and terminating them to evade detection.
Following is a sample of URLs we have seen where the malware is being downloaded.
Continue Reading: Android infostealer posing as a fake Google Chrome update
We are seeing many new URLs dropping this malware actively in the wild. Such infection of the victim’s device leads to critical information leakage like credit card details, SMS and call logs - which can further lead to financial banking fraud.
Once installed, this Infostealer cannot be removed from the phone as the malware does not allow the user to deactivate it’s administrative access. The only option to remove this malware is a factory reset which leads to further data loss.
Our research team has recently seen a large amount of activity in our cloud related to an Android infostealer disguised as a Google Chrome update. This malware is capable of harvesting call logs, SMS data, browser history and banking information and is sending it to a remote command and control (C&C) server. This malware is also capable of checking the installed antivirus applications and terminating them to evade detection.
Following is a sample of URLs we have seen where the malware is being downloaded.
- http[:]//ldatjgf[.]goog-upps.pw/ygceblqxivuogsjrsvpie555/
- http[:]//iaohzcd[.]goog-upps.pw/wzbpqujtpfdwzokzcjhga555/
- http[:]//uwiaoqx[.]marshmallovw.com/
- http[:]//google-market2016[.]com/
- http[:]//ysknauo[.]android-update17[.]pw/
- http[:]//ysknauo[.]android-update16[.]pw/
- http[:]//android-update15[.]pw/
- http[:]//zknmvga[.]android-update15[.]pw/
- http[:]//ixzgoue[.]android-update15[.]pw/
- http[:]//zknmvga[.]android-update15[.]pw/
- http[:]//gpxkumv.web-app.tech/xilkghjxmwvnyjsealdfy666/
Continue Reading: Android infostealer posing as a fake Google Chrome update
We are seeing many new URLs dropping this malware actively in the wild. Such infection of the victim’s device leads to critical information leakage like credit card details, SMS and call logs - which can further lead to financial banking fraud.
Once installed, this Infostealer cannot be removed from the phone as the malware does not allow the user to deactivate it’s administrative access. The only option to remove this malware is a factory reset which leads to further data loss.
Last edited by a moderator:
