This is an archive article published on April 18, 2024

New Android malware ‘Mamont’ poses as Google Chrome to steal banking details

Researchers recently came across a new Android banking trojan dubbed 'Mamont', which hides itself in plain sight by impersonating the popular web browser - Google Chrome.

The banking trojan is named after the Russian word for woolly mammoth - Mamont. (Image Source: Freepik)

In February, researchers at McAfee came across a new version of the popular Android XLoader malware, which disguised itself as Chrome to steal information like passwords, texts, photos, and contacts.

According to cybersecurity firm G Data, a new malware strain is impersonating Chrome to steal your banking details. Named after the Russian word for a woolly mammoth, ‘Mamont’ hides in plain sight by impersonating the mobile version of the popular web browser.

How does Mamont work?

The malware is often distributed through spam and phishing messages. Once installed, the app opens automatically and asks users for various permissions, such as making and managing phone calls and sending and receiving messages. If an unsuspecting user grants these permissions, it then shows a message telling the device owner that they have been selected for a cash prize.


To claim the prize, all they need to do is enter their phone number along with their credit card number. Once done, the malware shows another prompt asking users not to delete the app for the next 24 hours. Since Mamont has permission to send and receive SMS, it then scans your inbox for messages related to your banking apps.

These confidential messages are then sent to a Telegram channel controlled by threat actors, where sensitive information like 2FA codes is used to commit bank fraud and drain money from your bank account.

The virus hides itself as ‘Google Chrome’ instead of ‘Chrome’. (Image Source: G Data)

Since the malware has the same icon as Chrome, it is hard for users to distinguish between the two. However, the malware is installed as ‘Google Chrome’ instead of just ‘Chrome’ and has a black border surrounding the icon, as can be seen in the image above.

Right now, the malware is only targeting those who speak Russian, but it won’t take long for threat actors behind Mamont to target a different demographic. To stay safe from such Android viruses, all you need to do is avoid downloading and installing apps from untrusted sources and stick to official ones like Google Play Store. Also, when you install any app, make sure to pay attention to the permissions it asks for.
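The two tells described above, a ‘Google Chrome’ label on something that is not the real Chrome package and a request for SMS and phone permissions, can be checked across an app inventory exported from a device or MDM. The Python below is an added example, not code from G Data or this article; the record format, the inventory entries and the `com.example.*` package names are constructed for illustration.

```python
# Added example: triage an app inventory for Chrome look-alikes.
GENUINE_CHROME = "com.android.chrome"        # package name of Google's Chrome for Android
CHROME_LABELS = {"chrome", "google chrome"}  # "Google Chrome" is the label the article reports
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
PHONE_PERMS = {"android.permission.CALL_PHONE", "android.permission.READ_PHONE_STATE"}


def normalise(label):
    """Case-fold and collapse whitespace so 'Google  chrome ' still matches."""
    return " ".join(label.casefold().split())


def triage(app):
    """Return (severity, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    if normalise(app["label"]) not in CHROME_LABELS or app["package"] == GENUINE_CHROME:
        return "none", []
    reasons = [f"label {app['label']!r} on package {app['package']}"]
    severity = "medium"                      # Chrome branding on a non-Chrome package
    if perms & SMS_PERMS:
        severity = "high"                    # can read or send SMS, e.g. bank 2FA codes
        reasons.append("SMS access: " + ", ".join(sorted(perms & SMS_PERMS)))
    if perms & PHONE_PERMS:
        reasons.append("phone access: " + ", ".join(sorted(perms & PHONE_PERMS)))
    return severity, reasons


# Constructed sample inventory (hypothetical record format and com.example.* packages).
INVENTORY = [
    {"label": "Chrome", "package": "com.android.chrome",
     "permissions": ["android.permission.INTERNET"]},
    {"label": "Google Chrome", "package": "com.example.prize",
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS",
                     "android.permission.CALL_PHONE"]},
    {"label": "Messages", "package": "com.example.sms",
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"]},
    {"label": "chrome", "package": "com.example.browser",
     "permissions": ["android.permission.INTERNET"]},
]


def flagged(inventory):
    """Map package name -> severity for every record that is not 'none'."""
    return {a["package"]: triage(a)[0] for a in inventory if triage(a)[0] != "none"}


if __name__ == "__main__":
    for app in INVENTORY:
        print(app["package"], *triage(app))
```

A legitimate SMS app is not flagged, because the rule keys on the Chrome branding first and uses the permissions only to raise severity.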


Meanwhile, Google has maintained that its Play Protect service automatically shields the phone against threats like these. “Google Play Protect automatically protects users by disabling these identified apps. Once the apps are disabled, they cannot run on the device or do any harm on the device. Google Play Protect will also provide a warning and ask users if they would like to fully uninstall,” a Google spokesperson said.
