Android phone users have been issued an urgent warning over a new piece of malware that could empty their bank accounts.

The bug, which is called Brokewell, disguises itself as a Google Chrome update and gives cybercriminals access to the entire device, including banking apps.

This comes as technology experts warn users to make sure they are downloading legitimate updates.

Android phone users who use the Google Chrome app issued urgent malware warning

Hereford Times: Brokewell gives cybercriminals access to phones, including banking appsBrokewell gives cybercriminals access to phones, including banking apps (Image: Getty)

In recent screenshots shared by Threatfabric, it was shown how difficult it is to spot one of these fake updates.

The team told Android phone users who use the Google Chrome app to surf the web to be extra careful about what they install to avoid any risk of getting their personal information stolen.

The group told the Metro that Brokewell is a "significant threat to the banking industry.

"Our Threat Intelligence shows that device takeover capabilities remain crucial for any modern banking malware family, and new players entering the landscape are no exception."

"Thus, it comes as no surprise that ThreatFabric analysts recently discovered a new mobile malware family, “Brokewell”, with an extensive set of device takeover capabilities.


Recommended Reading: 

Users of a specific type of phone urgently warned to remove these 5 apps now

Millions of mobile users warned to delete 19 dangerous apps immediately


"Brokewell uses overlay attacks, a common technique for Android banking malware, where it overlays a bogus screen on a targeted application to capture user credentials.

"After stealing the credentials, the actors can initiate a device takeover attack using remote control capabilities."

Once downloaded, brokewell allows criminal parties to take a range of actions such as touches, swipes, and clicks on specified elements.