[ad_1]
Google Chrome is the world’s most popular browser. So, if we find a “highly dangerous” fraudulent update that steals personal data, messages, and photos, it raises serious concerns.
‘Very dangerous’ rogue Chrome update discovered in the wild
The following was updated on 2/11, and the article was first published on 2/9.
A surprising new report released by McAfee this week warns Android users not to click on message links that install Chrome updates on their devices. MoqHao malware hides within these downloads with a nasty twist. This is what security researchers describe as a new and “highly dangerous technology.”
“The malicious activity is automatically initiated while the app is installed,” the researchers wrote. We are working on implementing mitigations to prevent automatic execution.”
This malicious campaign uses another twist to distribute MoqHao malware through SMS messages. Attackers use short URLs from legitimate services because “short domains are difficult to block because it can affect all URLs used by that service.” It’s starting. [But] When a user clicks on a link within the message, the URL shortener redirects them to the actual malicious site. ”
Once installed, the rogue Chrome update requests extensive user permissions, including access to SMS, photos, contacts, and even the phone itself. The malware is designed to do more damage by running in the background and connecting to command-and-control servers to manage data sent to and from the device.
McAfee believes this MoqHao (XLoader) campaign is the work of the Roaming Mantis group, a threat actor typically operating in Asia. However, McAfee notes that this particular campaign also appears to be targeting users in Europe. One of the languages programmed into this campaign is English. This means that users in the US will also be eligible.
Your new campaign will be installed automatically
If you look closely, you’ll see that the message uses Unicode characters to trick users into thinking it’s a legitimate Chrome update. “This technology makes some text appear bold, but the user visually recognizes it as ‘Chrome,'” McAfee said. .android) may impact app name-based detection techniques that compare apps. . chromium). “
It’s only February, but this is the third Android malware alert to headline so far this year. I’ve looked at VajraSpy, SpyLoan, and Xamalicious. We’ve also seen widespread warnings about copycat apps, similar to the one seen here. Regarding this variant in particular, McAfee warns, “This new variant is expected to have a very high impact, as it infects devices simply by being installed without being run.”
“Copycat apps are easy to create,” warns ESET’s Jake Moore. “Downloading and installing malicious apps on your phone can lead to many disasters, including personal data theft, banking information compromise, device performance degradation, intrusive adware, and even spyware that monitors your conversations and messages. may occur.”
permission request
As we’ve said repeatedly this year, the timing here may be even more remarkable than the malware itself. Europe’s Digital Markets Act is making significant changes to the apps and platforms we use most. That includes the app store.
Apple is reluctantly rolling out its own services for the first time, warning users of the risks. “While these new regulations bring new options to developers, they also bring new risks, and there’s no getting around them,” he warned Apple’s Phil Schiller. It’s at the top of the list of concerns.
In response to McAfee’s report, a Google spokesperson told me that “Android has multiple layers of protection to keep you safe,” and as stated in McAfee’s report. “Android users are currently protected from this by Google Play Protect, which is turned on by default on Android devices with Google Play services. It can warn users or block apps that are known to exhibit malicious behavior, even if they come from multiple sources.
Google also confirmed that it worked with McAfee to address this new malware threat, as McAfee is one of its App Defense Alliance partners.
Updated 2/11:
Google’s focus and push on the Play Store ecosystem, including Play Protect, is commendable and is definitely making a difference. However, the problem is that we need better software and security update processes than we have today.
The fragmented nature of Android’s ecosystem has always lagged far behind Apple’s command-and-control structure when it comes to keeping devices up to date and responding to real-time issues. By relying on device OEMs for much of this effort, Google no longer has the same controls as Apple, and it shows.
And in a twist of timing, we are witnessing this very issue unfolding right now.
as ars technica announced this weekend, “We’re a third of the way through February, but the January 2024 Google Play system update for Android is just rolling out. The now-infamous update was originally released in early January. However, it was discontinued after users started getting locked out of their phones’ local storage. Apparently, an update has been fixed and is being rolled out to devices.”
However, at least as of this weekend, the issue appears to have been resolved. Ars Technica says, “This is the second time in the last four months that automatic Android updates have broken some of his Pixel phones. These issues have made updating Pixel phones a scary proposition these days. ” warns.
And while that update issue is related to Pixel smartphones, Samsung has its own issues. sam mobile I will explain. “Typically, it’s flagship devices that receive monthly security updates, and mid-range and budget devices that receive quarterly updates, but it’s not always so obvious. Some devices may receive monthly updates for the first year or two on the market and then move to a quarterly schedule, but some devices may be relegated to quarterly updates from day one.”
All of this means that user common sense and good practices are really needed to stay safe. I have a lot of advice, but very Simple. Never click on links like those seen in this latest campaign. please do not Install the app directly from the link. This was at the heart of ESET’s copycat app warning. Also, never agree to permission requests that are not core to the app’s specific functionality.
The golden rules for apps and updates are:
- Please use the official app store. Don’t use third-party stores and don’t change your device’s security settings to allow apps to load.
- Check the developer in the app description. Is the developer someone you admire? Then check the reviews to see if they are genuine or fake.
- Don’t give permissions to apps you don’t need. Flashlights and stargazing apps don’t require access to your contacts or phone. Also, never grant accessibility permissions that facilitate device control unless necessary.
- I never have Until now Click the link in the email or message to download the app or update directly. Always use the app store for installations and updates.
- Don’t install apps that link to established apps like WhatsApp unless you know they’re legitimate. Check out reviews and what people are saying online.
[ad_2]
Source link
