Google is one of the main internet search tools on the web. According to DemandSage, Google Chrome is used by over 3.22 billion people. As it is so widely used, Google has to be careful when it comes to malware and potential viruses.
Discover our latest podcast
As per Forbes, McAfee has issued a warning to all those using Google Chrome that a new ‘very dangerous’ update could lead to malware installing itself on your device. The malware was found by McAfee, an American global computer security software company. The warning explains what to look out for in order to avoid downloading the corrupted update.
Warning issued to Google Chrome users
As per Forbes, a new update for Google Chrome could lead to malware being installed on your device. The ‘update’ is a fraudulent one, not one issued by Google. McAfee warned:
While the app is installed, their malicious activity starts automatically. We have reported this technique to Google and they are already working on the implementation of mitigations to prevent this type of auto-execution in a future Android version.
The malware is being distributed through MoqHao and is being sent via a link via SMS. The malware system has found a way to get through security measures as the link is a short URL. As reported by Forbes, short URL forms are ‘difficult to block’ as they could affect all URLs. If Chrome users click the link, they will be redirected to the malicious site.
What are the risks of the malware?
According to Forbes, if you click the link for the Chrome update, the fraudulent Chrome will ask for expansive user permissions, which includes access to SMS, photos, contacts and even the phone itself.
The fraudulent Chrome is designed to function in the background and to connect with its command and control server. It will manage outgoing and incoming data from the device.
McAfee has warned that this malware is typically found in Asia but this specific one has reached Europe. Moreover, as it is in English, US users could also be affected.
McAfee has also warned that it is only 2 months into 2024 and there have already been 3 'headline-generating Android malware alerts' already, including the latest. McAfee explained:
We expect this new variant to be highly impactful because it infects devices simply by being installed without execution.
Google issued the following statement after McAfee's report:
Android has multi-layered protections that help keep users safe. Android users are currently protected against this by Google Play Protect, which is on by default on Android devices with Google Play Services.
Google added that Google Play Protect warns users and even blocks apps that are known for malicious behaviour 'even when those apps come from sources outside of Play.'
How to avoid malware updates
There are some ground rules you can follow to limit your chances of accidentally installing malicious updates, as per Forbes:
- Make sure to use official app stores, do not use third-party stores.
- Do not grant permissions to an app that it should not need.
- Never click on links sent via email or SMS that ask you to download an app or an update.
- Do not install apps that link to established apps like WhatsApp unless you know for a fact they’re legitimate, check reviews and online write-ups.
Read more:
⋙ Millions of android users warned over Google Chrome - check if your phone will be affected
⋙ Cybersecurity: These 3 signs could indicate that your phone is infected with malware
Sources used:
Forbes: ‘Very Dangerous Update Warning Issued For Google Chrome Users’
DemandSage: ‘35+ Chrome Statistics for 2024 (Users, Data & Facts)’