It's Better to Delete This App From Your Phone. It Sends Your Text Messages to Russia
This malicious Google Chrome clone is designed to trick users and steal their personal information.
There have been countless incidents of malware pretending to be utility applications on Android. Usually, the attackers are fairly predictable: they embed harmful code in generic, self-created apps, or simply copy well-known brands. This latest threat is slightly different.
AG Data has discovered a dangerous Google Chrome for Android clone. This version of the app, once installed, gains permission to make calls and read SMS messages, sending the collected data to servers in Russia. Despite being designed to steal your data and personal information, it maintains some of Chrome's original functionality, tricking users into thinking it is the actual app.
Similarly ThreatFabric, who monitor and analyze online threats to keep the public safe, recently identified a new Android Trojan, known as Brokewell, that disguises itself as a fake Google Chrome update. Once installed, the app is capable of recording user activity, capturing everything from text entries and clicks to app launches.
The process of infecting a user's device with this malware is relatively simple. It poses as a Google Chrome update, which upon installation gives the malware access to the device to do as it wishes.
These apps impersonate established brands, in this instance, Google Chrome, which are known to the public and presumed to be legitimate. The fake Google Chrome app allows you to browse the internet as normal, adding to the appearance of being the real app.
These fake Google Chrome apps have been revealed to pose significant threats to mobile banking. The combination of stealing data and remote device control makes it an excellent mobile banking malware. The app can observe all of your actions on your device, so when you connect to your mobile banking app, it will record your login details, gain access to your bank account, and then be able to steal your money.
To stay safe from fake apps on your phone, make sure that you download apps from trusted sources like the Google Play Store or Apple's App Store. Read the reviews and ratings before installation, and be wary of apps with barely any reviews or very recent launch dates.
You should also keep your phone's operating system up to date to have the latest security patches. Importantly, avoid clicking on suspicious links - these can be received by text or found on websites. Finally, pay attention to app permissions. If an app requests access to sensitive information that seems unnecessary, it is best to avoid it.