Security
Headlines
HeadlinesLatestCVEs

Headline

Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

By Deeba Ahmed New Android malware alert! Brokewell steals data, takes over devices & targets your bank. Learn how this sneaky malware works & what you can do to protect yourself. Stop Brokewell before it stops you! This is a post from HackRead.com Read the original post: Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

HackRead
#web#android#apple#google#git#intel#backdoor#auth#chrome

Brokewell malware poses a new cybersecurity threat to your device and personal information. Unlike your typical data-stealing app, Brokewell takes it a step further by granting attackers near-complete control of your phone.

In their report, fraud risk firm ThreatFabric’s threat intelligence researchers shared details of a newly discovered Android banking malware dubbed Brokewell, which uses overlay attacks to capture user credentials and steal cookies.

Further probing revealed a repository called “Brokewell Cyber Labs,” created by an individual “Baron Samedit.” This repository hosted the source code for the “Brokewell Android Loader,” a tool designed to bypass Android 13+ accessibility restrictions and widely used by cybercriminals.

Brokewell has previously been used in campaigns targeting “buy now, pay later” financial services like Klarna and in exploiting the Austrian digital authentication application, ID Austria.

****Fake Updates, Real Danger****

Brokewell hides behind a familiar facade – fake software updates. It typically masquerades as a critical update for Google Chrome, tricking users into downloading and installing it. Once installed, Brokewell unleashes its wrath as it isn’t just after your login credentials. It’s a comprehensive toolkit for conducting a wide-scale data theft.

Fake Chrome browser update as seen by ThreatFabric

The trojan uses its own WebView to load a legitimate website and dumps session cookies after the victim completes the login process. Brokewell also has “accessibility logging” capabilities, capturing every event on the device, posing a threat to all installed applications.

****What Information is at Stake?****

Brokewell can steal a wide range of information, including call logs, text messages, and contact lists. Moreover, it looks for your financial apps and if found, it overlays fake login screens on top of legitimate banking apps, capturing your login details without you realizing it.

The most problematic part is that Brokewell grants attackers remote access to your device. It supports spyware functionalities, collecting device information, geolocation, and recording audio. After stealing credentials, the actors can initiate a Device Takeover attack using remote control capabilities.

****An Evolving Threat****

In their blog post, ThreatFabric researchers warned that althoughBrokewell is under active development, the malware’s creators are constantly adding new features to enhance its capabilities.

To protect yourself from Brokewell and other malicious software, download apps from the official Google Play Store only. Be cautious of fake updates and always use a reputable security app. Staying updated on the latest Android security threats is crucial to protect your device.

****Experts’ Opinion****

Ray Kelly, Fellow from Synopsys Software Integrity Group shared their thoughts on Brokewell’s discovery with Hackread.com stating, As a policy, users should never install apps outside of the Google and Apple stores as Malware often sneaks in through ‘side loading’ apps, especially on rooted or jailbroken devices from fake stores.

“What makes this instance different is that the malicious app sideloaded on non-rooted devices and bypassed Google’s security measures,” stressed Ray. The key takeaway is don’t fall for web popups prompting app updates; always rely on the Play Store for updates to safeguard against such threats.

  1. Android TV Boxes Infected with Backdoors
  2. SpyNote Android Spyware Poses as Legit Crypto Wallets
  3. Fake YouTube Android Apps Used to Distribute CapraRAT
  4. Xamalicious Backdoor Infects 25 Apps, Affects 327K Devices
  5. Android Malware FjordPhantom Steals Funds Via Virtualization

HackRead: Latest News

Scammers Target BASE and Ethereum with Political Meme Coins and Rug Pulls