Brokewell malware poses a new cybersecurity threat to your device and personal information. Unlike your typical data-stealing app, Brokewell takes it a step further by granting attackers near-complete control of your phone.
In their report, fraud risk firm ThreatFabric’s threat intelligence researchers shared details of a newly discovered Android banking malware dubbed Brokewell, which uses overlay attacks to capture user credentials and steal cookies.
Further probing revealed a repository called “Brokewell Cyber Labs,” created by an individual “Baron Samedit.” This repository hosted the source code for the “Brokewell Android Loader,” a tool designed to bypass Android 13+ accessibility restrictions and widely used by cybercriminals.
Brokewell has previously been used in campaigns targeting “buy now, pay later” financial services like Klarna and in exploiting the Austrian digital authentication application, ID Austria.
Fake Updates, Real Danger
Brokewell hides behind a familiar facade – fake software updates. It typically masquerades as a critical update for Google Chrome, tricking users into downloading and installing it. Once installed, Brokewell unleashes its wrath as it isn’t just after your login credentials. It’s a comprehensive toolkit for conducting a wide-scale data theft.
The trojan uses its own WebView to load a legitimate website and dumps session cookies after the victim completes the login process. Brokewell also has “accessibility logging” capabilities, capturing every event on the device, posing a threat to all installed applications.
What Information is at Stake?
Brokewell can steal a wide range of information, including call logs, text messages, and contact lists. Moreover, it looks for your financial apps and if found, it overlays fake login screens on top of legitimate banking apps, capturing your login details without you realizing it.
The most problematic part is that Brokewell grants attackers remote access to your device. It supports spyware functionalities, collecting device information, geolocation, and recording audio. After stealing credentials, the actors can initiate a Device Takeover attack using remote control capabilities.
An Evolving Threat
In their blog post, ThreatFabric researchers warned that althoughBrokewell is under active development, the malware’s creators are constantly adding new features to enhance its capabilities.
To protect yourself from Brokewell and other malicious software, download apps from the official Google Play Store only. Be cautious of fake updates and always use a reputable security app. Staying updated on the latest Android security threats is crucial to protect your device.
Experts’ Opinion
Ray Kelly, Fellow from Synopsys Software Integrity Group shared their thoughts on Brokewell’s discovery with Hackread.com stating, “As a policy, users should never install apps outside of the Google and Apple stores as Malware often sneaks in through ‘side loading’ apps, especially on rooted or jailbroken devices from fake stores.“
“What makes this instance different is that the malicious app sideloaded on non-rooted devices and bypassed Google’s security measures,” stressed Ray. “The key takeaway is don’t fall for web popups prompting app updates; always rely on the Play Store for updates to safeguard against such threats.“
RELATED TOPICS
- Android TV Boxes Infected with Backdoors
- SpyNote Android Spyware Poses as Legit Crypto Wallets
- Fake YouTube Android Apps Used to Distribute CapraRAT
- Xamalicious Backdoor Infects 25 Apps, Affects 327K Devices
- Android Malware FjordPhantom Steals Funds Via Virtualization