Android users should beware: Cybercriminals are rolling out a new strain of malware disguised as a routine Google Chrome update.
Google Chrome is the new target of hackers. This malicious Trojan, dubbed “Brokewell,” can infiltrate devices and access banking applications, putting users’ finances at risk. The threat was discovered by researchers at Dutch cybersecurity company ThreatFabric. Their analysis reveals that the Brokewell Trojan is a “never-before-seen malware family” capable of collecting sensitive user data, spying on users’ activities and taking remote control of compromised Android phones.
What makes this Trojan so insidious is that it uses fake Chrome update prompts to trick victims into installing the malware themselves. The questionable update screen is designed to look virtually identical to a legitimate Chrome browser update, making it easy to fool unsuspecting users.
Malware can collect your banking data
Once installed on an Android device, Brokewell uses overlay attacks to stealthily place fraudulent login screens and data collectors on top of legitimate apps such as banking and financial services. This allows it to steal usernames, passwords, session cookies and other sensitive data in real time when users interact with secure applications.
The Trojan’s “accessibility logging” feature is particularly worrying, as it captures all screen touches, swipes, text inputs, and application activity. Brokewell thus sends all this private data back to its operators, making virtually no application or action safe.
Even more worrying, the malware allows threat actors to take remote control of compromised Android smartphones, paving the way for various malicious actions such as initiating illicit transactions or siphoning funds directly from banking applications.
While Brokewell has been traced back to a specific threat actor called “Baron Samedit Marais,” ThreatFabric expects the malware to be actively promoted and praised across dark web hacker communities, sparking new waves of harmful campaigns. For Android users, the security advisory is clear: use extreme caution when asked to update Chrome or other Google apps through channels other than the Play Store.
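Because the Trojan depends on an accessibility service and arrives outside the Play Store, one defensive check is to list enabled accessibility services that belong to apps not installed by the Play Store. The script below is an added example, not part of the original article or of ThreatFabric's analysis; it assumes the two inputs come from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3`, and the sample outputs and `com.example.*` package names are constructed.

```python
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store

# Constructed sample: colon-separated "package/service" components.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.chromeupdate/.HelperService:"
               "com.example.passwordmgr/com.example.passwordmgr.AutofillA11y")

# Constructed sample: third-party packages with their recorded installer.
SAMPLE_PACKAGES = """\
package:com.example.chromeupdate  installer=null
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.game  installer=com.google.android.packageinstaller
"""

def parse_a11y(value):
    """Return (package, service) pairs from the settings value."""
    value = value.strip()
    if not value or value == "null":      # nothing enabled
        return []
    pairs = []
    for component in value.split(":"):
        pkg, _, service = component.partition("/")
        if pkg:
            pairs.append((pkg, service))
    return pairs

def parse_installers(text):
    """Map package -> installer (None when no installer is recorded)."""
    installers = {}
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field.split("=", 1)[1]
        installers[fields[0][len("package:"):]] = installer
    return installers

def sideloaded_a11y(a11y_value, packages_text, trusted=(PLAY_STORE,)):
    """Flag enabled accessibility services of third-party apps
    whose installer is not in the trusted set."""
    installers = parse_installers(packages_text)
    findings = []
    for pkg, service in parse_a11y(a11y_value):
        if pkg not in installers:         # preinstalled/system app, skipped
            continue
        if installers[pkg] not in trusted:
            findings.append((pkg, service, installers[pkg]))
    return findings

if __name__ == "__main__":
    for finding in sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", finding)
```

A flagged entry is a prompt for review rather than proof of infection, since legitimately sideloaded apps can also register accessibility services.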