Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

silversurfer

A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.

According to researchers at Pradeo, the attack starts with a basic “smishing” gambit: Targets receive an SMS text asking them to pay “custom fees” to release a package delivery. If they fall for it and click, a message comes up asking them to update the Chrome app.

If they accede to that request, they’re taken to a malicious website hosting the purported app. In reality, it’s the malware, which is downloaded to their phones.

After the supposed “update,” victims are taken to a phishing page that closes the loop on the social engineering: They’re asked to pay a small-dollar amount (usually $1 or $2) in a less-is-more approach, which is of course just a front to harvest credit-card details, according to the analysis, issued Monday.

“Attackers know that we’re accustomed to receiving alerts of all types on our smartphones and tablets,” Hank Schless, senior manager of security solutions at Lookout, told Threatpost. “They take advantage of that familiarity to get mobile users to download malicious apps that are masked as legitimate ones.”
 
