Millions of Android users warned of chilling attack that can see everything on their screen and leave accounts empty
ANDROID users have been warned of a fresh cyber threat that can see everything on their screen before raiding their accounts.
The chilling spyware can capture touches, swipes, information displayed, text input, and applications opened, according to experts at ThreatFabric.
They say it poses "a significant threat to the banking industry".
But this new Android danger doesn't come via a dubious app as in previous cases.
Malware families like Brokewell pose a significant risk for customers of financial institutions
ThreatFabric
Instead it's all executed via a very convincing Chrome alert that is actually fake.
The false notification appears in the popular web browser telling users they need to update.
Read more about Android
It has an identical look to an authentic page used by Google with the logo and familiar font.
But clicking the button allows secret malware onto your device allowing hackers to take over, researchers say.
Once invaders are in, they can capture taps and text inputs, stealing sensitive data used to access accounts, it's claimed.
Bad actors can apparently find out the physical location of the device and captures audio using from the microphone too.
The malware has been called Brokewell and is said to be in "active development, with new commands added almost daily".
"Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions," ThreatFabric said.
"Malware families like Brokewell pose a significant risk for customers of financial institutions, leading to successful fraud cases that are hard to detect without proper fraud detection measures."
STAYING SAFE
To avoid falling foul of scams like Brokewell users should always check the source of downloads and alerts.
Does it go to an authentic web page with a Google address or is it a random one? If it's random, it's probably not genuine.
Hackers also like to rely on urgency in their messaging, designed to trick people into making rash decisions without taking the time to think.
Fraudsters sometimes make simple spelling and grammar errors too, so that's something to look out for.
When downloading apps, it's always safest to do so via official stores like Google Play or Samsung's Galaxy Store.
READ MORE SUN STORIES
Google Play Protect is a feature that runs safety checks on apps from Google Play before you download them.
It can deactivate or remove harmful apps from your device if they're detected as well.
Must-know Android tips to boost your phone
Get the most out of your Android smartphone with these little-known hacks: