Cybersecurity researchers have identified a new Trojan that poses a serious threat to Android device users, especially those who bank on their phones. The malware, known as "Brokewell", masquerades as a Google Chrome update, allowing cybercriminals to gain remote access to sensitive information.
Overlay attacks
The discovery was made by security firm ThreatFabric, which has been following the development of this mobile Trojan. According to their report, Brokewell uses overlay attacks to trick users. The technique involves creating a fake screen that is placed on top of a legitimate application, allowing attackers to capture users' access credentials without them realizing it. Additionally, the malware can steal session cookies and send them to a command and control (C2) server, giving attackers greater control over the infected device.
Once Brokewell manages to infiltrate a device, it can carry out a series of malicious actions, such as screen casting to capture keystrokes and data displayed in open applications. It can also spy on the device, collecting information such as call history, geolocation, and audio recordings.
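As an added illustration of the defender's side of the two techniques just described (overlay attacks and screen casting), the following Android snippet hardens a login screen using platform APIs; it is example code written for this page, not code from ThreatFabric or from the Brokewell sample, and the package, class, layout and view-id names are hypothetical.

```java
// Added example (not from the ThreatFabric report or the article): hardening an
// Android Activity against the two techniques the article describes, overlay
// attacks and screen casting. Package, class, layout and id names are hypothetical.
package com.example.bankapp;

import android.app.Activity;
import android.os.Bundle;
import android.view.MotionEvent;
import android.view.WindowManager;
import android.widget.Button;

public class LoginActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // FLAG_SECURE blocks screenshots and screen recording of this window,
        // so screen-casting style capture of what is displayed here is refused.
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                             WindowManager.LayoutParams.FLAG_SECURE);

        setContentView(R.layout.activity_login); // hypothetical layout

        Button login = findViewById(R.id.login_button); // hypothetical id
        // Drop touches delivered while another window covers this view, so a
        // tap that arrives through a fake overlay is not accepted as a click.
        login.setFilterTouchesWhenObscured(true);
    }

    // Defensive check usable from any touch handler: an event carrying
    // FLAG_WINDOW_IS_OBSCURED passed through a window drawn on top of ours,
    // which is the condition an overlay attack relies on.
    static boolean isDeliveredThroughOverlay(MotionEvent event) {
        return (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
    }
}
```

These controls reduce what an overlay or a screen recorder can capture from the protected window; they do not by themselves stop a malicious app that has been granted accessibility permissions, so user vigilance about unexpected permission prompts and "updates" remains essential.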
A Trojan in constant evolution
The threat is especially worrying because the Trojan is constantly evolving. According to ThreatFabric, the Brokewell Cyber Labs repository adds commands and functionality almost daily. The source code includes tools to bypass Android 13+ restrictions, allowing attackers to sidestep the operating system's security measures and ultimately compromise users' security.
One clue to Brokewell's developer is the signature "Baron Samedit," which appears in the malware's source code and other places related to its promotion. This person or group is believed to have been active for at least two years, and is known to provide tools to check stolen accounts. Its presence in clandestine channels suggests that the Trojan could gain popularity among other cybercriminals, increasing its reach and the risk of attacks on clients of financial institutions.
Malware with risk for the banking sector
Cybersecurity experts warn that Brokewell poses a significant risk to the banking sector and that it is essential that Android users stay alert for suspicious updates and have appropriate security measures in place to prevent fraud and the loss of sensitive information.