Some online scams are more conspicuous than others, but the most insidious can be especially tricky to spot. For instance, last week, cybersecurity firm ThreatFabric uncovered a new Android malware family that cleverly disguises itself as a Google Chrome update. Before you click a link claiming to provide updates for Chrome, be sure that it isn’t fake.
ThreatFabric analysts found the malware — which they dubbed Brokewell — on a fake browser update page designed to fool people into downloading a malicious app. If the page manages to fool you, you’ll end up downloading seriously dangerous malware.
According to the analysts, Brokewell uses overlay attacks to display a fake login screen over a real app to steal user credentials. It can also steal cookies, so when you log in to a website, the malware sends all of the session cookies to a command and control (C2) server.
Brokewell also uses accessibility logging, which lets it record every single event that occurs on the infected device, from taps and swipes to text input and opening apps. All of this is then sent to the C2 server, giving the hackers access to troves of private data.
Tech. Entertainment. Science. Your inbox.
Sign up for the most interesting tech & entertainment news out there.
Email: SIGN UP
By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.
To make matters worse, once the actors are satisfied with the private data and login credentials they have collected, they can then use the malware’s remote control capabilities to take over the device. They now have full control over the phone or tablet and can use the information they’ve gathered to initiate bank transfers, change passwords, and more.
“The discovery of a new malware family, Brokewell, which implements Device Takeover capabilities from scratch, highlights the ongoing demand for such capabilities among cyber criminals,” ThreatFabric says in its blog post. “These actors require this functionality to commit fraud directly on victims’ devices, creating a significant challenge for fraud detection tools that heavily rely on device identification or device fingerprinting.”
If you own an Android device, stay vigilant and watch out for fake Chrome updates. If you aren’t entirely sure that what you’re downloading is legitimate, you’re better off avoiding it.
The post Android malware posing as a fake Chrome update is stealing banking app logins appeared first on BGR.