Important warning: A malicious program targets Android users’ bank accounts

A team of hackers has launched a malicious program, called “Brokewell,” targeting the bank accounts of Android users.

Brokewell currently appears as an update to the Google Chrome browser on the Android operating system.

A security alert said Brokewell was “in active development, with new commands being added almost daily.”

The program includes a set of "spyware" tools capable of secret monitoring and remote control of an Android phone.

Cybersecurity experts at ThreatFabric warned of the malware's ability to "collect phone information, call history, geolocation, and audio recording."

“Brokewell targeted Klarna, a popular 'buy now, pay later' financial app, and ID Austria, the official digital authentication service created by the Austrian national government,” they wrote.

Brokewell uses "overlay attacks", which create a fake screen on top of the targeted banking app, to steal a user's login credentials.

Brokewell then actually steals the “temporary cookies” used by the banking app, so that the hacker can bypass security measures such as two-factor authentication later, by impersonating the user without the need for proof of identity.

Experts warned that Brokewell's new advanced hacking tools will increase the possibility of using its ability to bypass the security measures currently in place on Android devices running Android 13 and later.