Owners of Android devices who browse the web with the Chrome app have received warnings about a new kind of virus that has the potential to drain their bank accounts.
The latest flaw, known as Brokewell, appears to be an app update. Nevertheless, once downloaded, it gives hackers access to both personal information and the full phone, possibly including financial apps.
ThreatFabric, the company that found the issue, supplied screenshots that demonstrate how hard it is to identify the scam.
Users of Android devices are being cautioned by the team to stay vigilant and only download updates from authorized sources, such the Google Play store.
Brokewell poses a “serious threat to the banking industry,” they continued.
‘Our Threat Intelligence shows that device takeover capabilities remain crucial for any modern banking malware family, and new players entering the landscape are no exception,’ the team said on its website.
‘Thus, it comes as no surprise that ThreatFabric analysts recently discovered a new mobile malware family, “Brokewell”, with an extensive set of device takeover capabilities.
‘Brokewell uses overlay attacks, a common technique for Android banking malware, where it overlays a bogus screen on a targeted application to capture user credentials.
‘After stealing the credentials, the actors can initiate a device takeover attack using remote control capabilities.’
How to update Google Chrome on your phone
- On your Android phone or tablet, open the Play Store app
- At the top right, tap the profile icon
- Tap Manage apps and device
- Under ‘Updates available’, find Chrome
- Next to Chrome, tap Update
Once downloaded, Brokewell allows whoever has taken over the device to perform a range of actions, such as touches, swipes, and clicks on specified elements.
The arrival of Brokewell marks a move away from launching dodgy apps to try to hack people’s phones, something cybercriminals have been doing for years and which more and more users are aware of.
By appearing as a perfectly legitimate update to an existing – and well-known – app, users may not stop to consider what they’re doing before hitting download.
However, with the discovery of Brokewell, it is even more important to take your time and properly consider anything that asks to update your device. If in doubt, ignore an update prompt and update the app manually yourself.
