Clicking on this fake Chrome update could charge your bank account and reveal your location

Security threat company ThreatFabric has released details about a new Android-based banking malware called Brokewell. The name refers to the malware's ability to debit bank accounts, but it can do much more.

The program is said to be in active use at the time of writing and is currently masquerading as an update for Google Chrome for Android. It even goes so far as to closely mimic the actual ads that Google displays for its browser.

ThreatFabric warns that Brokewell has both remote control capabilities and data theft capabilities. All of this is built directly into the malware and does not rely on a cloud connection, making your device especially vulnerable. Like many other current Android malware families, Brokewell is also able to bypass Google-imposed restrictions designed to prevent sideloaded applications from requesting permissions for accessibility services.

After installation and initial launch, Brokewell asks the infected user to grant Accessibility Services permissions. ThreatFabric warns that the malware can then automatically grant itself other permissions, giving itself free access for a range of malicious activities.

So far, Brokewell has been spotted as three popular applications: Google Chrome, ID Austria and Klarna. The security company also warns that Brokewell constantly logs information from all of your apps, making it particularly dangerous: It's not just your banking transactions that are at risk, as the malware can also collect information such as call history, geolocation, and recorded audio.

The rise of malware apps like Brokewell doesn't bode well for the future of Android threats. As more and more criminals manage to circumvent the restrictions introduced in Android 13, Google must find new ways to protect users. Of course, users themselves also need to be careful about what they download and sideload.

If you are currently using an Android phone, you should definitely be careful about what you download and only download applications from trusted sources. Important: If a third-party app asks for access permissions, do not grant them these, otherwise they could allow open access to your device and all the data stored on it.