When the APK file is executed after downloading, the fake Google chrome update asks for administrative right. As most users will think this is from Google, they will grant the permission. Once the malware is given such permission, it will start its malicious behavior by first registering the device with a C&C server, then check antivirus installed on the phone and terminate their process. The malware can monitor SMS and call on the infected device and can also steal SMS by sending it to the C&C server.
The most dangerous thing the malware does is, stealing credit card credentials. Each time the user of the infected device opens Google Play Store app, a popup appears asking the user to enter his/her credit card details. If by mistake the user enters the details, this is sent via SMS to a phone number in Russia (+7926XXXX135).
We advise our readers to update their applications only through Google Play Store.