The malware looks like an update for Google’s mobile Chrome browser and is hosted on webpages designed to look like they are official Google or Android landing pages.
Once installed, the malware logs the data and sends it all back to a remote command and control server. Zscaler notes that the malware is capable of checking if a user has any antivirus apps installed, and if so, terminating them to evade detection. The installation can only occur if a user turns off a default Android setting which prevents the installation of software from non-approved sources.
The malware can only be removed when a user performs a factory reset on their device.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now