Android users are being warned of a phony Google update that is pushing malware onto devices.
The attackers behind this scheme are domain squatting URLs that are similar to ones used by Google for legitimate updates, hoping to snare less-than-vigilant users.
Researchers at Zscaler said yesterday in a report that the attackers invested heavily in this tactic to sidestep URL monitoring and security software in place on the device.
“These URLs are observed to be very short lived,” Zscaler said. “And are regularly replaced with newer ones to serve the malware and effectively evade URL based filtering.”