Urgent warning for Android users over bug that can empty your bank account

The Chrome browser is popular with Android users (Picture: Getty)

Android owners who use the Chrome app for browsing online have been warned about a new type of malware that could empty their bank accounts.

The bug, called Brokewell, is disguised as an update for the app. However, when downloaded, it allows cybercriminals to not only access personal data, but also take over the entire phone – potentially allowing them access to banking apps.

Screenshots provided by ThreatFabric, which discovered the bug, show how difficult it is to spot the fraud.

The team is warning Android users to be on alert, and only download updates from official sources, such as through the Google Play store.

They added that Brokewell is a ‘significant threat to the banking industry’.

‘Our Threat Intelligence shows that device takeover capabilities remain crucial for any modern banking malware family, and new players entering the landscape are no exception,’ the team said on its website.

The official Chrome update, left, and fake update from Brokewell, right

‘Thus, it comes as no surprise that ThreatFabric analysts recently discovered a new mobile malware family, “Brokewell”, with an extensive set of device takeover capabilities.

‘Brokewell uses overlay attacks, a common technique for Android banking malware, where it overlays a bogus screen on a targeted application to capture user credentials.

‘After stealing the credentials, the actors can initiate a device takeover attack using remote control capabilities.’


How to update Google Chrome on your phone

  1. On your Android phone or tablet, open the Play Store app
  2. At the top right, tap the profile icon
  3. Tap Manage apps and devices
  4. Under ‘Updates available’, find Chrome
  5. Next to Chrome, tap Update

Once downloaded, Brokewell allows whoever has taken over the device to perform a range of actions, such as touches, swipes, and clicks on specified elements.

The arrival of Brokewell marks a move away from launching dodgy apps to try to hack people’s phones, something cybercriminals have been doing for years and which more and more users are aware of.

By appearing as a perfectly legitimate update to an existing – and well-known – app, users may not stop to consider what they’re doing before hitting download.

However, with the discovery of Brokewell, it is even more important to take your time and properly consider anything that asks to update your device. If in doubt, ignore an update prompt and update the app manually yourself.

MORE: Urgent warning to iPhone users to update software to stop Bluetooth stalking

MORE: There’s a new scam called ‘smishing’ that’s incredibly sophisticated

MORE: 5 old school WhatsApp features you probably didn’t know about

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

-

-

PREV Alexandra Lamy (The Test): her cousin is a famous politician!
NEXT REPLAY. War in Ukraine: to make peace, “all parties must be involved” says the final communiqué