New Android malware is spreading and has already targeted hundreds of thousands of people. It impersonates the Google Chrome app and uses smishing attacks to steal credentials. The campaign also combines several techniques to evade mobile security solutions.
What has happened?
According to researchers, the campaign was first seen in early May in several European countries. Given its rate of spread, it is expected to have reached other countries as well.
The attack begins with an SMS text message urging the target to pay customs fees to release a package delivery. After they click, a message asks them to update the Chrome app.
Unsuspecting users are redirected to a malicious website, from where the malicious application, pretending to be an update, is downloaded to their phones.
Afterward, victims are taken to a phishing page that asks them to pay a small amount of $1 or $2, which is just an attempt to collect the victim’s credit card details.
The fake app
The fake Chrome app used for propagation can send 2,000 SMS messages per week from infected devices. Messages are sent daily for a set period of two to three hours.
The recipients’ phone numbers do not come from the victims’ phone books, yet they follow a sequential pattern.
Meanwhile, the malware remains hidden on infected devices by using the name and icon of the official Chrome app.
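The sending behaviour described above (a daily burst of two to three hours, to numbers that are not in the phone book and follow a sequential pattern) can be turned into a simple detection heuristic. The following is an added example, not code from the researchers: the record format, the thresholds, the reading of "sequential" as small numeric gaps, and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration, not values from the report.
MIN_MSGS = 20                  # outbound SMS to non-contacts per device per day
MAX_SPAN = timedelta(hours=3)  # report: sending is confined to 2-3 hours a day
MAX_STEP = 5                   # assumed meaning of "sequential": small numeric gaps
MIN_SEQ_RATIO = 0.8            # share of gaps that must look sequential


def sequential_ratio(numbers):
    """Fraction of consecutive recipients whose numbers differ by 1..MAX_STEP."""
    values = [int("".join(c for c in n if c.isdigit())) for n in numbers]
    gaps = [b - a for a, b in zip(values, values[1:])]
    return sum(1 <= abs(g) <= MAX_STEP for g in gaps) / len(gaps) if gaps else 0.0


def flag_devices(records, contacts):
    """records: (iso_timestamp, device_id, recipient); contacts: device_id -> set."""
    per_day = defaultdict(list)
    for ts, device, rcpt in records:
        # Only messages to numbers outside the device's phone book are of interest.
        if rcpt not in contacts.get(device, set()):
            t = datetime.fromisoformat(ts)
            per_day[(device, t.date())].append((t, rcpt))
    flagged = set()
    for (device, _day), msgs in per_day.items():
        msgs.sort()  # chronological order, so gaps follow the sending sequence
        span = msgs[-1][0] - msgs[0][0]
        ratio = sequential_ratio([r for _, r in msgs])
        if len(msgs) >= MIN_MSGS and span <= MAX_SPAN and ratio >= MIN_SEQ_RATIO:
            flagged.add(device)
    return flagged


def sample_records():
    """Constructed log: dev-A sends a sequential burst, dev-B texts its contacts."""
    start = datetime(2000, 1, 3, 14, 0)
    burst = [((start + timedelta(minutes=4 * i)).isoformat(), "dev-A",
              f"+1555010{i:04d}") for i in range(40)]
    normal = [((start + timedelta(hours=i)).isoformat(), "dev-B", n)
              for i, n in enumerate(["+15550199001", "+15550142317", "+15550199001"])]
    return burst + normal, {"dev-B": {"+15550199001", "+15550142317"}}
```

On the constructed sample, `flag_devices(*sample_records())` flags only `dev-A`; the thresholds would need tuning against real traffic before use.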
The combination of efficient phishing, malware spreading, and evasion techniques allows this campaign to spread faster without being detected. Users are therefore advised to use mobile security solutions with massive mobile threat telemetry data sets.