Major alert! Fake Chrome update for Android installs trojan that will access your banking apps
UPDATE: Google reached out to us today and gave us the following statement: "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."
Android users need to be alert for a fake Google Chrome update that tricks them into installing a trojan known as "Brokewell." A trojan pretends to be an ordinary app, but once installed on a phone it acts as malware. The "Brokewell" trojan is known for collecting the phone owner's personal data, and it can also allow an attacker to remotely take control of an Android phone. It can also spy on users and access banking apps, wiping out the trojan's victims.
ThreatFabric, a Dutch security firm, says that there is a good reason why the word "broke" is included in the name of the trojan. "The analysis of the samples revealed that Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The Trojan appears to be in active development, with new commands added almost daily."
The legitimate Chrome update is on the left while the one on the right is a fake
The "Brokewell" trojan uses a fake Chrome browser update that looks almost like the real thing, and it is easy to see how a smartphone user can be tricked into installing it. The malware uses what is known as the "overlay" technique. A fake screen is placed over a targeted application (such as a banking app) and captures the login info, including the user's username and password for a particular app.
With "accessibility logging," the malware captures all touches, text inputs, swipes, apps opened, and information displayed. This data is sent to the command-and-control server, essentially stealing personal data. Because every event is captured by the trojan, all apps downloaded on a phone are vulnerable. Once the malware steals the phone user's credentials, the attackers can take control of the phone remotely.
The "Brokewell" trojan is serious. If you receive an update for the Chrome browser for Android, ignore it. You can always update the app via the Google Play Store.