A concerning malware attack targeting the bank accounts of Android users has been identified by security researchers. Dubbed “Brokewell,” the malware disguises itself as a fake Google Chrome browser update webpage that closely resembles Google’s official messaging style, according to ThreatFabric. When users are directed to this webpage, they are prompted to update Chrome. If users fall for the ruse, criminals gain complete control of the device, enabling them to capture banking credentials, record audio, collect device information, access call history, and track geolocation data. ThreatFabric’s analysis reveals that Brokewell is a new and highly dangerous malware family with a wide range of capabilities. It is equipped with “accessibility logging,” which records every event occurring on the device, including touches, swipes, displayed information, text input, and opened applications. All of this data is then sent to a command-and-control server, allowing the criminals to steal any confidential information displayed or entered on the compromised device. The FTC has released guidelines on avoiding malware attacks, advising people to download software directly from reputable sources, avoid suspicious links, ignore pop-ups, read browser security alerts, and regularly scan devices for malicious activity.