A new vulnerability in Chrome for Android is found which allows hackers to quietly download banking trojan apps (.apk) onto user’s device without their knowledge. A pop-up ad that appears out of nowhere and surprise you that your mobile device has been infected with a dangerous virus and instructs you to install a security app to remove it immediately.
However this malicious advertising web page automatically downloads an APK file to your device without requiring any approval. When an APK file is broken down into pieces and handed over to the save function via Blob() class, there is no check for the type of the content being saved, so the browser saves the APK file without notifying the user, according to a security expert.
Since this August the Trojan has infected over 318,000 Android devices across the world. Google has acknowledged the issue, blocked the malicious ads and planned to patch it in the next update of Chrome.