Android users are being warned of a new type of malware connected to the Chrome internet browsing app, which has the potential to take control of users’ phones and potentially access banking information.
The new malware, named Brokewell, reportedly disguises itself as an update for Chrome.
Once downloaded, it can allow cybercriminals to access sensitive personal data.
According to ThreatFabric, the computer support company that discovered and named the bug, it possesses an “extensive set of Device Takeover capabilities” and “poses a significant threat to the banking industry”.
Android users are warned to be on alert, and to download only updates from official sources.
Brokewell reportedly uses techniques common with Android banking malware, and ”overlays a bogus screen” to capture user credentials.
“Brokewell is equipped with ‘accessibility logging’, (which) captures every event happening on the device: touches, swipes, information displayed, text input and applications opened,” ThreatFabric said.
“All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device.
“Brokewell logs every event, posing a threat to all applications installed on the device.”
ThreatFabric warns that only robust, “multi-layered” fraud detection systems can counteract malware such as Brokewell.
The Australian government’s Cyber Security Centre recommends Aussies check the privacy permissions carefully when installing new apps on their device, particularly for free apps.
It also urges users to install apps only from reputable vendors.