Security experts at Threat Fabric have recently identified a new and dangerous malware Android is able to show the hacker whatever action is performed on the infected smartphone and offer him full remote control. Named Brokewell, it is malware from a previously unknown family which allows the attacker to carry out a myriad of operations. Let’s see the details and how to recognize it.
Brokewell it was developed by a hacker identified as Baron Samedit, already known to cybersecurity experts for having created and sold tools to verify stolen accounts. The malware in question is usually installed inside the device Android via a fake update page Google Chrometherefore targeting the most unaware users.
This is a technique widely used by cybercriminals and appeals to that segment of users less accustomed to technology who, by clicking on the update button, unconsciously install the malware. The latter thus infiltrates the device at system level and allows the hacker to take full control of it causing considerable damage.
In the image below you can see a comparison of the legitimate page that invites you to update Google Chrome with the fake one developed by the malware in question.
What Brokewell allows you to do and how to defend yourself
Threat Fabric describes Brokewell as a “previously unknown malware family with many features”. In the past, these types of malware were used for campaigns targeting “buy now, pay later” financial services and an Austrian authentication app called ID Austria, while this new version appears to target Android users in general.
Once the device in question has been infected via the fake Google Chrome update page, Brokewell It sneaks inside the operating system and allows hackers to steal sensitive data. The most worrying thing is that the malware boasts a very extensive series of features: it is able to imitate the login screens of some apps, tricking users into logging in with their credentials, but also to intercept cookies, record any movement or user touch on the smartphone, collect hardware details and record calls and even surrounding audio.
The hacker can also take full control of the infected device, having real-time access to everything that is shown on the phone’s display and being able to remotely perform actions such as simulating the back or home button, typing text in specific fields and changing system settings such as brightness or volume.
As we have seen, therefore, Brokewell it is a very dangerous malware that manages to bypass all Android protections, with a serious risk to the privacy of the users involved. In this case, the usual general rule applies to protect yourself from threats of this kind: it is good practice to download applications and updates only from Google Play Store and avoid sideloading APK files unless they come from sources you trust.
