Be careful with Chrome on your Android phone

New type of attack uses the features of Chrome on Android phones, which hide the address bar when the user scrolls the page down. The address will reappear when you scroll the page up.

An attacker can exploit this feature and force the browser to hide the original address bar and instead display its own, falsified.

So, for example, if you click a link in an email that looks like a message from your bank, you can access the modified page of the attacker, which looks like a bank’s website, and the address bar will match (see James Fisher’s video below) ). If you enter your login information on the page, you send it directly to the attacker.

How to defend yourself? This is the use of the Chrome feature and there is no (yet) released update to change this behavior. Therefore, be aware of the links you open from email.

Good practice is not to click on links that are supposed to lead to sites where you have to enter your data. For example, if you have a message that needs to be resolved in your Internet banking, open the browser and simply enter the address manually, or use the saved (and verified) bookmarks.


Jmenuji se Milan Půlkrábek, pamatuji si počítače bez internetu, Internet bez Google a mobilní komunikaci bez šifrování. Mám za sebou více než dvacet let profesionální praxe v IT, přednáším a píšu články o IT bezpečnosti, kryptoměnách a nových technologiích. Od roku 2014 jsem součástí nezikové organizace Paralelní Polis v Praze.