ANDROID USERS BEWARE- THIS NEW MALWARE WILL RETRIEVE BANKING INFO AND TRACK YOUR TEXTS


For Android users, using
their devices has become so much risky nowadays due to the emergence of a new
malware every other day. This time, a dangerous malware has surfaced that
appears to be just another harmless Google Chrome’s mobile
version’s update but in reality, it is a malicious software aiming to get your
financial details and private data. The web pages on which this malware is
being hosted are also designed to look like the official Android or Google
landing pages.
Android
remains the most vulnerable OS
This
malware reminds users of 2015’s CTB Locker/Critroni ransomware
tricking
 users into downloading fake Google Chrome
update and steal their data however the new malware has been identified by
Zscaler, a security firm. According to their analysis, this malware is so
powerful that it can monitor call logs, track text messages, retrieve browser
history and most devastating is the fact that it also steals banking
information.
When this
malware is installed, the data that it can potentially steal is transferred to
a remote C2 (command & control server). As per the analysis of Zscaler,
this malware can also detect and even terminate any antivirus app that is
installed on the target computer. In fact, it is so resilient that the victim
cannot delete it permanently from the device unless factory resets action is
performed.
However,
it must be noted that the malware can only get installed if the default Android
setting has been turned off by the user because it prevents the device from
installing software that comes from 
unauthentic sources.

According
to Tom’s
Guide
, the malware’s operational capabilities are
tremendously powerful.
“After
downloading the APK file, users would need to disable one of Android’s default
security settings which prevent the installation of programs from unknown
sources. Once that’s done and the target gives Update_chrome.apk administrative
access, the malware registers the phone with its remote server, and monitors
all SMS messages and calls, which it sends to remote servers.”
But what
happens when Play Store, Android devices’ official apps downloading platform,
is accessed by the user of the infected device? Tom Guide answers the query:
“If users open
the Play Store on an infected device, the malware presents a phony payment
information page for entering credit card numbers. After that data is entered,
a screenshot is then sent to a phone number in Russia, which doesn’t sound like
a safe way to store your banking data.”
So,
we would suggest that you only opt for Google Play Store for downloading apps
if you want to avoid malware like the aforementioned one.

via Blogger http://ift.tt/2fIex1i

Advertisements