Every now and then, developers push out updates to their apps. These updates fix bugs, patch security holes, add new features, and generally offer up improvements. Unfortunately, it seems that some bad actors are taking advantage of these updates. According to a report from Threat Fabric, a new Chrome malware has been found disguising itself as an update.
This update comes in the form of a link, which when clicked opens a website that asks users to update their Chrome browser on Android. If you end up clicking the link, you’ll end up downloading malware on your phone. This malware, dubbed Brokewell, will basically attempt to steal your login information for websites you visit.
It will overlay a fake login screen over an actual app, so when you enter the details, those details are sent to the hackers. This fake Chrome malware can even go one step further. It can be used to take over your phone entirely and allow the attack to control it remotely. This isn’t the first time we’ve spotted malware disguising itself as a Chrome update, and we doubt it will be the last.
The simplest way to avoid this malware is to check the Google Play Store for updates. Chrome is an app by Google. As such, any updates will be available from the Play Store directly. If you receive a link asking you to update, just ignore it. Fire up the Play Store and check to see if an update is available. If there is, just download it from the Play Store directly, and if there isn’t, then you can ignore it.