New 'Brokewell' Android malware can steal user data and access banking apps
A warning has been issued to millions of Android users regarding new previously undocumented malware that uses fake Google Chrome updates to trick users into putting their devices at risk. The Trojan malware, dubbed "Brokewell," can siphon user data, access banking apps, spy on users, and even allow attackers to gain full remote access to Android devices.
"Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking," Dutch security firm ThreatFabric said in an analysis published this week. The malware, which is equipped "with both data-stealing and remote-control capabilities," gains access to victims' Android devices by tricking them into installing the Brokewell Trojan on their phones.
It's disguised as an update for a new version of Google Chrome, even using a similar visual design as a legitimate Chrome installation prompt to avoid suspicion. Albeit with some obvious grammatical errors — a common tell for these kinds of scams. Instead of saying "The browser built to be yours" like on the original Google prompt, the Brokewell-infested fake version reads "An update is required yours."
.png)
