Beware of this ‘dangerous’ Chrome app that can automatically steal your passwords and photos
A team of researchers have found malware that, once installed on any Android device, can automatically steal users’ data like photos, passwords and chats. It is a new variant of MoqHao (also referred to as Wroba and XLoader), which is a well-known Android malware family. Recently, the McAfee Mobile Research Team found that MoqHao has begun distributing this ‘new dangerous’ variant via SMS links.
What makes this malware dangerousAccording to the report, the hackers send a link to download the malicious app via SMS. While a typical MoqHao malware requires users to install and launch the app, this variant requires little execution from the users’ side. When the app is installed, hackers’ malicious activity starts automatically.
The malware disguises itself as ‘Chrome’ that can fool Android users into downloading the app. Once downloaded, the malware requests users to set itself as the default SMS app with prompts in various languages like Hindi, English, French, Japanese and German.
“Also, the different languages used in the text associated with this behaviour suggests that, in addition to Japan, they are also targeting South Korea, France, Germany, and India,” McAfee said.
How this malware worksThe hackers use social engineering techniques to convince users to set this malicious app as the default app. They show messages just like the way a legitimate app would flash. This message is fake and is used to make users believe that they have downloaded a legitimate app.
How to spot the malware-laden Chrome app
This app has an italic ‘r’ and asks users to let the app always run in the background. Google Chrome doesn’t ask for such permission. Furthermore, any link that comes via an SMS is a red flag and must not be clicked.
McAfee said that the company has already reported this technique to Google and the company is “already working on the implementation of mitigations to prevent this type of auto-execution in a future Android version.”
The Google Chrome app is available to download from Google Play Store and it is advised that users download all apps from the official store. Android users are protected by Google Play Protect, which is on by default on Android devices with…
What makes this malware dangerousAccording to the report, the hackers send a link to download the malicious app via SMS. While a typical MoqHao malware requires users to install and launch the app, this variant requires little execution from the users’ side. When the app is installed, hackers’ malicious activity starts automatically.
The malware disguises itself as ‘Chrome’ that can fool Android users into downloading the app. Once downloaded, the malware requests users to set itself as the default SMS app with prompts in various languages like Hindi, English, French, Japanese and German.
“Also, the different languages used in the text associated with this behaviour suggests that, in addition to Japan, they are also targeting South Korea, France, Germany, and India,” McAfee said.
How this malware worksThe hackers use social engineering techniques to convince users to set this malicious app as the default app. They show messages just like the way a legitimate app would flash. This message is fake and is used to make users believe that they have downloaded a legitimate app.
How to spot the malware-laden Chrome app
This app has an italic ‘r’ and asks users to let the app always run in the background. Google Chrome doesn’t ask for such permission. Furthermore, any link that comes via an SMS is a red flag and must not be clicked.
McAfee said that the company has already reported this technique to Google and the company is “already working on the implementation of mitigations to prevent this type of auto-execution in a future Android version.”
Expand
The Google Chrome app is available to download from Google Play Store and it is advised that users download all apps from the official store. Android users are protected by Google Play Protect, which is on by default on Android devices with…
