A warning has been issued to millions of Android users regarding new previously undocumented malware that uses fake Google Chrome updates to trick users into putting their devices at risk. The Trojan malware, dubbed “Brokewell,” can siphon user data, access banking apps, spy on users, and even allow attackers to gain full remote access to Android devices.
“Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking,” Dutch security firm ThreatFabric said in an analysis published this week. The malware, which is equipped “with both data-stealing and remote-control capabilities,” gains access to victims’ Android devices by tricking them into installing the Brokewell Trojan on their phones.
It’s disguised as an update for a new version of Google Chrome, even using a similar visual design as a legitimate Chrome installation prompt to avoid suspicion. Albeit with some obvious grammatical errors — a common tell for these kinds of scams. Instead of saying “The browser built to be yours” like on the original Google prompt, the Brokewell-infested fake version reads “An update is required yours.”
Once downloaded, Brokewell creates an overlay screen in front of whatever apps you’re using to capture login details, steal session cookies, and even type or click on the phone’s screen to steal funds from the compromised device.
The malware itself is “a previously unseen malware family with a wide range of capabilities,” ThreatFabric said. Worse still, Brokewell appears to be in active development and receives regular updates. ThreatFabric traced the malware back to a hacker named Baron Samedit Marais, who is reportedly selling it along with a range of other malicious tools through a site called Brokewell Cyber Labs.
“We anticipate further evolution of this malware family, as we’ve already observed almost daily updates to the malware,” the firm said. “Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions.”
How to stay safe from Android malware
Android malware is far from uncommon. Just earlier this month, hackers were found to be injecting scripts into websites to display fake Chrome update errors to infect unsuspecting users with malware. When it comes to protecting yourself from Android malware, the first and most important thing you can do is to be extra careful when downloading and installing any updates or new apps.
If you have one of the best Android smartphones, odds are it’ll come with Google Play Protect pre-installed. Be sure to make sure that this app is enabled, as it can scan all of your existing apps and any new ones you download for malware. Likewise, for additional protection, you may also want to consider installing one of the best Android antivirus apps to run alongside it.