Click to Skip Ad
Closing in...

Android malware posing as a fake Chrome update is stealing banking app logins

Published Apr 29th, 2024 3:38PM EDT
Malware detected warning screen.
Image: Getty Images

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Some online scams are more conspicuous than others, but the most insidious can be especially tricky to spot. For instance, last week, cybersecurity firm ThreatFabric uncovered a new Android malware family that cleverly disguises itself as a Google Chrome update. Before you click a link claiming to provide updates for Chrome, be sure that it isn’t fake.

ThreatFabric analysts found the malware — which they dubbed Brokewell — on a fake browser update page designed to fool people into downloading a malicious app. If the page manages to fool you, you’ll end up downloading seriously dangerous malware.

According to the analysts, Brokewell uses overlay attacks to display a fake login screen over a real app to steal user credentials. It can also steal cookies, so when you log in to a website, the malware sends all of the session cookies to a command and control (C2) server.

Brokewell also uses accessibility logging, which lets it record every single event that occurs on the infected device, from taps and swipes to text input and opening apps. All of this is then sent to the C2 server, giving the hackers access to troves of private data.

To make matters worse, once the actors are satisfied with the private data and login credentials they have collected, they can then use the malware’s remote control capabilities to take over the device. They now have full control over the phone or tablet and can use the information they’ve gathered to initiate bank transfers, change passwords, and more.

“The discovery of a new malware family, Brokewell, which implements Device Takeover capabilities from scratch, highlights the ongoing demand for such capabilities among cyber criminals,” ThreatFabric says in its blog post. “These actors require this functionality to commit fraud directly on victims’ devices, creating a significant challenge for fraud detection tools that heavily rely on device identification or device fingerprinting.”

If you own an Android device, stay vigilant and watch out for fake Chrome updates. If you aren’t entirely sure that what you’re downloading is legitimate, you’re better off avoiding it.

UPDATE | May 3, 2024: Google spokespeople reached out with the following comment regarding the fake Chrome update: “Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.