Google Chrome, the world's most widely used web browser, is currently under threat from a fraudulent update that's been dubbed 'very dangerous'.

Disguised as a legitimate Chrome update, malicious software has been found stealing private data, messages, and photos from unsuspecting users.

This alarming news comes from a recent report by cybersecurity firm McAfee, which has urged Android users to avoid clicking any message links that claim to install Chrome updates on their devices.

The report reveals that the notorious MoqHao malware is lurking within these downloads, employing a new and highly dangerous technique.

Once the fraudulent Chrome update is installed, it begins its malicious activity automatically.

A new malware has been discovered by McAfee. Image source: Freepik.

The malware requests extensive user permissions, including access to SMS, photos, contacts, and even the phone itself.

It operates in the background, connecting with its command and control server, managing data to and from the device, and causing increasing damage.

A threat actor that typically operates in Asia called the Roaming Mantis group is believed to be behind this MoqHao (XLoader) campaign.

However, this specific campaign also appears to target users in Europe and the US, as one of the languages programmed into the campaign is English.

The fraudulent update cleverly uses Unicode characters to trick users into thinking it’s a legitimate Chrome update.

'This technique makes some characters appear bold, but users visually recognise it as “Chrome”,' McAfee explained.

'This may affect app name-based detection techniques that compare app name (Chrome) and package name (com.android.chrome).'

This is the third major Android malware alert of the year so far, following VajraSpy, SpyLoan, and Xamalicious.

There has also been a broader warning about copycat apps, which mirrors what we’re seeing here.

As for this specific malware, McAfee warned that they 'expect this new variant to be highly impactful because it infects devices simply by being installed without execution'.

Jake Moore from ESET, a software company specialising in cybersecurity, added: 'Copycat apps are simple to produce.'

'Downloading and installing a malicious app on your phone can lead to a number of disasters, including theft of personal data, compromise of banking information, poor device performance, intrusive adware and even spyware monitoring your conversations and messages.'

In response to the McAfee report, a Google spokesperson stated that 'Android has multi-layered protections that help keep users safe.'

'Android users are currently protected against this by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play.'

Google has also confirmed its collaboration with McAfee to address the new malware threat. McAfee is understood to be one of Google’s App Defense Alliance partners.

Key Takeaways

• MoqHao, a 'very dangerous' malware disguised as a Google Chrome update on Android, can steal private data, messages, and photos.
• Users were advised not to click message links that install Chrome updates, as this malware starts its malicious activity automatically upon installation.
• McAfee has attributed this campaign to the Roaming Mantis group, and warned that it is also targeting users in Europe and the U.S. with English programmed into the campaign to broaden its reach.
• Google and its App Defense Alliance partners are working to address the malware threat, and users are reminded to follow best practices such as sticking to official app stores and being cautious with permissions.

Members, always be cautious when downloading apps or updates, and remember to regularly check your device's security settings.

What are your thoughts on this latest news, dear members? Let us know in the comments below.

 

[Bill MacL]

IN THEORY ; The digital world will make things so much easier and safer. IN REALITY ; Well that didn't f%@$#g happen did it?

 

[PattiB]

This is why I refuse to install Chrome, there always seem to be problems with it.

 

[Clancieblue]

Be aware also of McAfee, I had an email claiming I had to turn on direct debit so they could update my subscription. I haven't used McAfee for several years.

 

[peteloo]

This could be affecting Android phones using Chrome browser. I wonder if this is targeted for PC using Windows.

 

[Aussi Girl]

I have deleted Google Chrome browser off my computer, before you send me this message, I will not use it any more as my anti virus protection kept dinging me to let me know there was a Virus on Google Chrome. but thanks for letting me know why

 

[maggiej]

I too am wondering if this affects a PC. I do not use Chrome as a browser either on my laptop. I do not use a mobile for anything except calls

 

[hdhensel]

McAFee has tried for about 6 months to get into my iMac by threatening me with all sorts of spam. After money of course. But these are probably all copies or clones. But somehow they knew that my subscription to AV was due or paid

 

[Reet]

Be aware also of McAfee, I had an email claiming I had to turn on direct debit so they could update my subscription. I haven't used McAfee for several years.

Ivehad several emails supposedly from McAfee telling me to update and I have not used it for many years either.

 

[Reet]

I too am wondering if this affects a PC. I do not use Chrome as a browser either on my laptop. I do not use a mobile for anything except calls

You are wise. I don't use my mobile for anything but calls either. I find it is safer that way.

 

[PattiB]

McAFee has tried for about 6 months to get into my iMac by threatening me with all sorts of spam. After money of course. But these are probably all copies or clones. But somehow they knew that my subscription to AV was due or paid

I’m always getting notifications from McAfee that my subscription is about or has expired. I have never ever had one.

 

[Greg350]

This could be affecting Android phones using Chrome browser. I wonder if this is targeted for PC using Windows.

Well, NO. It specifically says Android.

 

[Greg350]

I have deleted Google Chrome browser off my computer, before you send me this message, I will not use it any more as my anti virus protection kept dinging me to let me know there was a Virus on Google Chrome. but thanks for letting me know why

This is for phones, has nothing to do with PC's.

 

[Greg350]

And the paranoia starts again. Do any of you actually take in what you read? Firstly it's on Android devices, not Windows PC's. Secondly Google have stated that they have a built in security feature to stop this download happening.

READ what's written.

Also, I have never had one of those virus programs on my PC's, they slow down the PC considerably. On Windows they have their own program working in the background, it doesn't slow the PC as much and will catch the vast majority of virus anyway.

Relax people, READ what you see, THINK about what you read, if it sounds odd delete it, if not sure phone the company involved directly using a phone number YOU look up. The world of computers is not bad if you use some common sense.

 

[Greg350]

IN THEORY ; The digital world will make things so much easier and safer. IN REALITY ; Well that didn't f%@$#g happen did it?

It's worked for me, and most people actually. Just use some simple common sense and you'll be fine.

 

[Tygie]

I don't have chrome - i uninstalled that RUBBISH browser. I use far more superior browsers that have loads more security and actually do the job of a browser not think it is something when it is nothing.

 

[Macarj]

Be aware also of McAfee, I had an email claiming I had to turn on direct debit so they could update my subscription. I haven't used McAfee for several years.

Me too for a few months asking me to renew McAfee and I have never had them

 

[Janet g]

What if it’s all ready installed ? Just ignore the updates .Ive got it on my laptop and it’s the only way I can access mail ect

 

[Reet]

I’m always getting notifications from McAfee that my subscription is about or has expired. I have never ever had one.

I've had the same email. I have one telling me if I don't renew it will affecr my receipt of emails. As I never had a subscription with them in the first place I just ignore it.

 

[Camawerton]

I'll definitely be extra vigilant when it comes to clicking on any message links claiming to install Chrome updates. It's all about staying one step ahead of these cybercriminals and safeguarding our personal data.

On that note, I appreciate the recommendation for Octo Browser. It sounds like a useful tool for enhancing online security, especially with its focus on multi-account management. I'll definitely check it out as an added layer of protection. For those interested in exploring Octo Browser further, you can check it out here at https://octobrowser.net/