The security flaw has been only reported in Android.
A new bug has been discovered in Chrome browser for Android based smartphones which allows automatic installations of apps without user consent.
According security website Extension Defender, the apps after getting downloaded are capable of hacking into users’ personal information and send it back to the malware author.
The firm cited that a Browser Extension Monetization company named Revjet.io uses snippet code from Vulcun.com, desktop-to-mobile ad server, which helps developers integrate advertisements into their apps.
The code is designed to run itself in the background and install apps without user consent, because the confirmation dialogue and permission prompts are not shown to the user.
Vulcun.com gets paid by app developers every time an app gets installed; the practice is seen by ad services that make money by delivering installations even if the user does not wish to install the apps.
According to Extension Defender the malware uses 3Dnator, FB Auto-Poker, Post To Tumblr, and Alert Control apps.