Google Chrome is the world’s most popular browser. So when a “highly dangerous” fraudulent update turns up that steals personal data, messages, and photos, it raises serious concerns.
A surprising new report released by McAfee this week warns Android users not to click on message links that install Chrome updates on their devices. MoqHao malware hides within these downloads with a nasty twist, one that security researchers describe as a new and “highly dangerous technology.”
“The malicious activity is automatically initiated while the app is installed,” the researchers wrote. “We are working on implementing mitigations to prevent automatic execution.”
This malicious campaign uses another twist to distribute MoqHao malware through SMS messages. Attackers use short URLs from legitimate services because “short domains are difficult to block because it can affect all URLs used by that service. [But] when a user clicks on a link within the message, the URL shortener redirects them to the actual malicious site.”
Once installed, the rogue Chrome update requests extensive user permissions, including access to SMS, photos, contacts, and even the phone itself. The malware is designed to do more damage by running in the background and connecting to command-and-control servers to manage data sent to and from the device.
McAfee believes this MoqHao (XLoader) campaign is the work of the Roaming Mantis group, a threat actor typically operating in Asia. However, McAfee notes that this particular campaign also appears to be targeting users in Europe. One of the languages programmed into this campaign is English, which means that users in the US could also be targeted.
If you look closely, you’ll see that the message uses Unicode characters to trick users into thinking it’s a legitimate Chrome update. “This technology makes some text appear bold, but the user visually recognizes it as ‘Chrome,’” McAfee said. .android) may impact app name-based detection techniques that compare apps. . chromium). “
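The Unicode trick described above defeats a check that compares the displayed app name as a raw string; normalizing the label first restores the comparison. The following is an added example, not code from McAfee or from this article, and the label-to-package table and the sample labels and package names are assumptions constructed for illustration.

```python
import unicodedata

# Assumption of this example: displayed label -> package name of the genuine app.
KNOWN_APPS = {"chrome": "com.android.chrome"}


def fold_label(label: str) -> str:
    """Reduce a displayed app label to plain comparable text.

    NFKC maps compatibility characters (mathematical bold, fullwidth, etc.)
    to their ordinary letters; format characters (category Cf, such as
    zero-width spaces) are dropped because they are invisible to the user.
    """
    nfkc = unicodedata.normalize("NFKC", label)
    visible = "".join(c for c in nfkc if unicodedata.category(c) != "Cf")
    return visible.casefold().strip()


def classify(label: str, package: str) -> str:
    """Return 'impersonation', 'styled-label' or 'ok' for one installed app."""
    folded = fold_label(label)
    expected = KNOWN_APPS.get(folded)
    if expected is not None and package != expected:
        # Reads as a known app to the user but ships under another package.
        return "impersonation"
    if folded.isascii() and not label.isascii():
        # Plain Latin text written with styled or invisible characters.
        return "styled-label"
    return "ok"


# Constructed inventory: (label shown to the user, package name).
SAMPLES = [
    ("\U0001D402hr\U0001D428me", "com.example.update"),  # bold C and o
    ("Chr\u200bome", "com.example.x"),                    # zero-width space
    ("Chrome", "com.android.chrome"),                     # genuine entry
    ("Caf\u00e9", "com.example.cafe"),                    # ordinary accent
]

if __name__ == "__main__":
    for label, package in SAMPLES:
        print(f"{label!r:24} {package:22} {classify(label, package)}")
```

A raw string comparison against "Chrome" misses the first two samples, while the folded comparison flags both and leaves the accented label alone.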
It’s only February, but this is the third Android malware alert to make headlines so far this year. I’ve looked at VajraSpy, SpyLoan, and Xamalicious. We’ve also seen widespread warnings about copycat apps, similar to the one seen here. Regarding this variant in particular, McAfee warns, “This new variant is expected to have a very high impact, as it infects devices simply by being installed without being run.”
“Copycat apps are easy to create,” warns ESET’s Jake Moore. “Downloading and installing malicious apps on your phone can lead to many disasters, including personal data theft, banking information compromise, device performance degradation, intrusive adware, and even spyware that monitors your conversations and messages.”
As we’ve said repeatedly this year, the timing here may be even more remarkable than the malware itself. Europe’s Digital Markets Act is making significant changes to the apps and platforms we use most. That includes the app store.
Apple is reluctantly rolling out its own services for the first time, warning users of the risks. “While these new regulations bring new options to developers, they also bring new risks, and there’s no getting around them,” warned Apple’s Phil Schiller. It’s at the top of the list of concerns.
Apple’s embrace of third-party stores will be in direct contrast to Google’s security approach, which has always been far less locked down, promoting user choice as a balance to security. If Apple can expand its app store options while maintaining security, it will put even more pressure on Android’s security.
I asked Google for comment on McAfee’s report.
Meanwhile, the advice to users is still very important, and very simple. Never click on links like those seen in this latest campaign. Also, do not install apps directly from links. This was at the heart of ESET’s copycat app warning. Also, never agree to permission requests that are not core to the app’s specific functionality.
The golden rules for apps and updates are:
- Please use the official app store. Don’t use third-party stores and don’t change your device’s security settings to allow apps to load.
- Check the developer in the app description. Is the developer someone you admire? Then check the reviews to see if they are genuine or fake.
- Don’t give apps permissions they don’t need. Flashlights and stargazing apps don’t require access to your contacts or phone. Also, never grant accessibility permissions that facilitate device control unless necessary.
- Never click on links in emails or messages that directly download apps or updates. Always use the app store for installations and updates.
- Don’t install apps that link to established apps like WhatsApp unless you know they’re legitimate. Check out reviews and what people are saying online.