It has been reported that Android users who wish to update their Chrome browser should take extra precautions to ensure that the update confirmation link they click on is genuine. Researchers at ThreatFabric have discovered a malware called Brokewell that is designed to trick Chrome users into downloading a malicious app. The malware uses overlay attacks to show a fake login screen on a real app and steal user credentials. Additionally, it can steal cookies, enabling it to transmit all session cookies to a command and control (C2) server when the victim logs in to a website.
Brokewell uses accessibility logging to record all events that occur on the infected device, such as text input, app openings, swipes, and taps and sends them to the C2 server for hackers to access private data stores. What’s more, the malware’s remote control capabilities allow attackers to take over the device once they’ve collected the private data and Chrome credentials. Consequently, they can gain full control of the phone or tablet and use the stolen information to initiate bank transfers or change passwords.
In a blog post, ThreatFabric noted that the discovery of a new strain of malware highlights the ongoing need for cybercriminals to take over devices. Fraud detection tools that rely heavily on device identification face a significant challenge when attackers require such functionality to commit fraud directly on the victim’s device.
To avoid falling victim to this kind of attack, Android users should be vigilant and watch out for fake Chrome updates. It’s always better to avoid downloading software if you’re not entirely certain that it’s legitimate.
