Fake Chrome Android update contains particularly dangerous malware

ThreatFabric’s computer security experts have acquired Brokewell, a particularly sophisticated banking Trojan targeting Android users. The malware, which is still in active development, stands out from the rest due to its extensive capabilities for monitoring infected devices, as well as remote management.

Growing threat

Brokewell is distributed through a fake Google Chrome browser update alert, a deception technique often used to lure users. Once installed, this malware can record all user interactions with the device, from typing to launching applications.

The Brokewell Trojan has several particularly disturbing features. First, it imitates the login screens of target applications to steal credentials through overlay attacks. It also uses its own WebView to intercept and retrieve cookies after a user logs into a legitimate site, recording interactions such as taps, swipes, and text inputs.

In addition, Brokewell can collect detailed information about the hardware and software of the victim’s device, access call logs, locate the device, record audio through a microphone, and even take full control of a smartphone or computer. This includes viewing the screen in real time, performing gestures remotely, tapping on specific screen elements, and simulating physical button presses.

Researchers attribute the creation of Brokewell to a man nicknamed Baron Samedit. For at least two years, this hacker has been selling tools to verify the validity of stolen accounts. Another notable tool has been discovered: Brokewell Android Loader, also created by Samedit. This utility helps bypass Google’s restrictions on accessibility services for apps installed via sideloading, a problem that has become more pronounced with the advent of malware deployment services.

Researchers warn against these new methods, which allow apps downloaded from dubious sources to gain access that would normally be restricted. They predict that Brokewell will continue to be developed and distributed on underground forums as “malware as a service” (MaaS).

To protect your Android from malware infections, it is recommended that you avoid downloading apps or app updates outside of the Google Play Store and ensure that you always have Play Protect enabled on your device. Google has confirmed that Play Protect automatically protects users from known versions of this malware.
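For readers who manage Android devices, the check below is an added example (not from ThreatFabric or the original article) that flags apps holding an accessibility service without having been installed by Google Play. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the sample output, the package names and the choice of trusted installer are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as a trusted installer; extend as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility_services(setting_value):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if not value or value == "null":  # the setting prints "null" when unset
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        match = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers

def flag_untrusted_accessibility(setting_value, pm_output, preinstalled=()):
    """Return sorted (package, installer) pairs that hold an accessibility
    service but were not installed by a trusted store or shipped with the OS."""
    installers = parse_installers(pm_output)
    flagged = []
    for package in sorted(parse_accessibility_services(setting_value)):
        installer = installers.get(package, "unknown")
        if installer not in TRUSTED_INSTALLERS and package not in preinstalled:
            flagged.append((package, installer))
    return flagged

# Constructed sample output (not from a real device).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.chromeupdate/com.example.chromeupdate.MainService"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.chromeupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for package, installer in flag_untrusted_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {package} (installer={installer})")
```

Preinstalled system apps can also report `installer=null`, so pass the package names from `adb shell pm list packages -s` as `preinstalled` to keep them out of the results.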


Hi, I’m laayouni2023