Google to patch Chrome mobile hole after bank trojan hits 318k users

An Android Chrome bug that’s already under attack – with criminals pushing banking trojans to more than 300,000 devices – won’t get patched until the next release of the mobile browser.

The flaw allows malware writers to quietly download Android app installation (.apk) files to devices without requiring approval.

Users need to install the banking trojan apps and tweak settings to allow installation of apps from stores other than Google Play to be infected; however, attackers increased the likelihood of compromise by using the titles of popular Android apps such as Skype, MinecraftPE, and WhatsApp.

Kaspersky researchers Mikhail Kuzin and Nikita Buchka found the flaw last month in a wide-spread campaign across Russian news sites and web properties.