According to Pradeo researchers, a new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks. The fake app is part of a sophisticated hybrid cyberattack campaign that also utilizes mobile phishing to extract credentials.
The attack begins with a basic smishing gambit. The targets receive an SMS text message informing them that they must pay customs fees for a package delivery to be released. If they fall for it and click, a message appears informing them that the Chrome app needs to be updated.
After they accept the request, they are directed to a malicious website that hosts the fake app. You guesses it, they are basically downloading malware to their phone.
Once the presumed update is complete, victims are directed to a phishing page for the final touch. Using a less-is-more approach, users are asked to pay of small amount of $1 or $2, which is just a front to gather credit-card information.
Fake Chrome App designed for Viral Propagation
Pradeo discovered that once installed, the malware sends over 2,000 SMS messages per week from infected devices. The messages are sent out daily, silently in the background, during specific two- or three-hour blocks. The recipient phone numbers are simply random and not from the victims’ phone books, but they follow a sequential pattern.
The malware appears to be hidden on mobile devices by imitating the official Chrome app’s icon and name, but its package, version, and signature are completely different.
Protect yourself from Mobile Phishing
When an unknown sender asks for credit card information, you should never provide it. If you are unsure about the source of the request, then check the status of your package delivery using the carrier’s tracking number. This can be found on the carrier’s official app or website.
Furthermore, you should only download and update apps from official stores, namely Google Play for Android and Apple Store for iOS.
Cybercriminals are targeting Android devices frequently lately. At the beginning of this month, another new malware dubbed TeaBot targeted financial institutions.