Cybersecurity firm ThreatFabric has flagged a new series of banking Trojan malware dubbed “Brokewell” that can swipe user data including cookies and even allow attackers to gain full remote access to Android devices.”Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking,” ThreatFabric writes in its analysis, which was first reported by SecurityWeek. “The Trojan appears to be in active development, with new commands added almost daily.”Attackers gain access to victims’ Android devices by tricking them into installing Brokewell Trojan malware on their smartphones. The malware is typically disguised as a fake Google Chrome web browser “update” page, using a visual design, layout, and text that’s very similar to a legitimate Chrome installation prompt. Like many scams, however, the fake Chrome page’s text has obvious grammatical errors. Instead of Google’s original, which reads “The browser built to be yours,” the Brokewell-infested fake version reads “An update is required yours.”One installed on a victim’s Android device, the malware gives attackers free reign to spy on the user’s device to swipe financial login credentials or even type and click on the phone’s screen to steal funds directly from the victim’s phone itself. The Android trojan also allows for other device takeover functions like drawing on the screen, moving back or to the home screen, or simulating swiping motions. The attacker could even harass or troll the victim by sending incessant phone vibrations, waking up the phone’s screen, or changing the screen’s brightness level. ThreatFabric reports that an individual claiming their name is “Baron Samedit Marais” has taken responsibility for the malware’s creation and is supposedly selling the Brokewell malware along with a range of other malicious tools through a site called “Brokewell Cyber Labs.” Brokewell malware has targeted Klarna accounts in the past, and a screenshot shared by the cybersecurity firm suggests the threat actor may also be offering tools that target PayPal, Amazon, Dropbox, Apple, and American Express accounts.
Recommended by Our Editors
“We anticipate further evolution of this malware family, as we’ve already observed almost daily updates to the malware. Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions,” ThreatFabric states.Android-specific malware isn’t uncommon. Last year, over a dozen apps on the Google Play Store were found to contain a type of malware that enables full device takeover. While malware can be devastating, it is preventable. There are antivirus and malware protection apps for Android devices that can watch for dangerous links while you browse online and wipe infected devices if needed.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
