Brokewell, New Android Trojan Malware Targets Bank Accounts with Fake Chrome Updates


The cybersecurity company ThreatFabric has identified a new cyber threat targeting the banking sector. The malware, called “Brokewell”, is capable of stealing sensitive user data, including cookies, and gives attackers complete remote access to Android devices.

As reported by ThreatFabric and first published in SecurityWeek, “Brokewell” represents a significant threat to the banking industry, offering attackers remote access to all resources available via mobile banking. The Trojan is currently under active development, with new commands being added almost daily.

Hackers trick victims into installing the “Brokewell” malware on their Android devices, often by disguising it as a Google Chrome “update” on a fake web page. This page mimics the design, layout, and text of an authentic Chrome installation prompt, although it contains glaring grammatical errors that give it away as fake.

Once installed, the malware allows attackers to freely spy on the victim’s device to steal financial login credentials or even interact directly with the phone’s screen to steal funds. Furthermore, the Android Trojan provides other device-takeover functions, such as drawing on the screen, moving between screens or simulating scrolling movements. Attackers can also annoy or tease the victim by sending incessant vibrations, activating the phone’s screen, or changing the phone’s brightness level.

Sale and distribution of malware

ThreatFabric has revealed that an individual calling himself “Baron Samedit Marais” has claimed responsibility for creating the malware and is allegedly selling the “Brokewell” malware along with a range of other malicious tools via a site called “Brokewell Cyber Labs”. In the past, the malware has targeted Klarna accounts, and a screenshot shared by the cybersecurity firm suggests that the cybercriminal may also offer tools that target PayPal, Amazon, Dropbox, Apple, and American Express accounts.

ThreatFabric expects further evolution of this malware family, as almost daily updates have already been observed. “Brokewell” is likely to be promoted on the Dark Web as a service for hire, attracting the interest of other cybercriminals and triggering new campaigns targeting different regions.

While Android-specific malware is nothing new, and over a dozen apps in the Google Play Store were found in the past year to contain a type of malware that allows complete device control, it is possible to protect yourself. There are antivirus and antimalware protection apps for Android devices that monitor dangerous links while browsing online and can clean infected devices if necessary.

 