Some online scams are more conspicuous than others, but the most insidious can be especially tricky to spot. For instance, last week, cybersecurity firm ThreatFabric uncovered a new Android malware family that cleverly disguises itself as a Google Chrome update. Before you click a link claiming to provide updates for Chrome, be sure that it isn’t fake.
ThreatFabric analysts found the malware — which they dubbed Brokewell — on a fake browser update page designed to fool people into downloading a malicious app. If the page manages to fool you, you’ll end up downloading seriously dangerous malware.
According to the analysts, Brokewell uses overlay attacks to display a fake login screen over a real app to steal user credentials. It can also steal cookies, so when you log in to a website, the malware sends all of the session cookies to a command and control (C2) server.
Brokewell also uses accessibility logging, which lets it record every single event that occurs on the infected device, from taps and swipes to text input and opening apps. All of this is then sent to the C2 server, giving the hackers access to troves of private data.
To make matters worse, once the actors are satisfied with the private data and login credentials they have collected, they can then use the malware’s remote control capabilities to take over the device. They now have full control over the phone or tablet and can use the information they’ve gathered to initiate bank transfers, change passwords, and more.
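The capabilities described above (overlays for fake login screens, accessibility logging, remote control) all depend on the app being granted two permissions that a browser update never needs: an enabled accessibility service and the "draw over other apps" permission. A simple defender-side triage is to pull device state with `adb` and flag sideloaded packages that hold both, especially ones whose package name imitates Chrome. The script below is an added example, not ThreatFabric's tooling or anything from the report; it parses constructed sample strings shaped like the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i`, and `adb shell appops get <pkg> SYSTEM_ALERT_WINDOW`. The package name `com.example.chromeupdate`, the trusted-installer list, and the flagging threshold are assumptions for illustration.

```python
"""Triage helper (added example): flag installed Android apps that combine the
permissions Brokewell-style malware abuses. Inputs are the text `adb` prints,
so the same functions can be fed real output captured from a device.
"""
from dataclasses import dataclass

# Assumption: only installs from Google Play count as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Real Chrome package name; anything else with "chrome" in it is suspicious.
REAL_CHROME_PKG = "com.android.chrome"
# Assumption: report a package once it trips at least this many checks.
FLAG_THRESHOLD = 2

# --- constructed sample device state (NOT captured from a real infection) ---
SAMPLE_ENABLED_A11Y = (
    "com.example.chromeupdate/.UpdateService:"
    "com.google.android.marvin.talkback/.TalkBackService"
)
SAMPLE_PACKAGES = """package:com.example.chromeupdate  installer=null
package:com.android.chrome  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=com.android.vending
"""
SAMPLE_OVERLAY = {
    "com.example.chromeupdate": "SYSTEM_ALERT_WINDOW: allow; time=+3d2h11m",
    "com.android.chrome": "SYSTEM_ALERT_WINDOW: deny; time=+9d1h",
    "com.google.android.marvin.talkback": "SYSTEM_ALERT_WINDOW: deny",
}


@dataclass
class Finding:
    package: str
    reasons: list


def parse_enabled_accessibility(raw: str) -> set:
    """'pkg/svc:pkg2/svc2' -> {pkg, pkg2}; empty/'null' -> empty set."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}


def parse_packages_with_installer(raw: str) -> dict:
    """Lines 'package:<pkg>  installer=<src|null>' -> {pkg: installer or None}."""
    result = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        parts = line[len("package:"):].split()
        pkg, installer = parts[0], None
        for field in parts[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        result[pkg] = installer
    return result


def overlay_allowed(raw: str) -> bool:
    """'SYSTEM_ALERT_WINDOW: allow; time=...' -> True; anything else -> False."""
    mode = raw.split(";")[0].partition(":")[2].strip().lower()
    return mode == "allow"


def triage(enabled_raw: str, packages_raw: str, overlay_by_pkg: dict) -> list:
    """Return packages that trip at least FLAG_THRESHOLD checks, worst first."""
    a11y = parse_enabled_accessibility(enabled_raw)
    findings = []
    for pkg, installer in parse_packages_with_installer(packages_raw).items():
        reasons = []
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded (installer=%s)" % installer)
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if overlay_allowed(overlay_by_pkg.get(pkg, "")):
            reasons.append("overlay permission granted")
        if "chrome" in pkg.lower() and pkg != REAL_CHROME_PKG:
            reasons.append("package name imitates Chrome")
        if len(reasons) >= FLAG_THRESHOLD:
            findings.append(Finding(pkg, reasons))
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_ENABLED_A11Y, SAMPLE_PACKAGES, SAMPLE_OVERLAY):
        print(f.package)
        for r in f.reasons:
            print("  -", r)
```

The threshold keeps legitimate accessibility tools (TalkBack in the sample, which is Play-installed and has no overlay grant) out of the report, while a sideloaded package that both reads the screen and draws over it is exactly the combination the overlay-plus-keylogging behaviour described above requires. On a real device, feed the three `adb` outputs in; the parsers ignore lines they do not recognize.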
“The discovery of a new malware family, Brokewell, which implements Device Takeover capabilities from scratch, highlights the ongoing demand for such capabilities among cyber criminals,” ThreatFabric says in its blog post. “These actors require this functionality to commit fraud directly on victims’ devices, creating a significant challenge for fraud detection tools that heavily rely on device identification or device fingerprinting.”
If you own an Android device, stay vigilant and watch out for fake Chrome updates. If you aren’t entirely sure that what you’re downloading is legitimate, you’re better off avoiding it.
UPDATE | May 3, 2024: Google spokespeople reached out with the following comment regarding the fake Chrome update: “Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”