Brokewell malware spreads via fake Chrome updates


Android mobile users should remain wary of a new malware, ‘Brokewell’, that is ready to break their banks. As reported, Brokewell is a powerful banking Trojan that tricks victims into downloading the program by spoofing Chrome browser updates.

Brokewell malware lures victims via fake Chrome updates

Cybersecurity company ThreatFabric recently shared details about a new threat to Android users in a report. The researchers identified the malware as Brokewell and describe the family as a powerful Android banking trojan with data-stealing and device-takeover capabilities.

The malware caught the researchers’ attention via a fake Chrome update page. They noticed a fake browser update prompt that pushed visitors to install an Android app. The fake webpage mimicked the design of the actual Google Chrome update page to trick users, with only subtle differences.

When users downloaded the so-called Chrome update, the application installed a new malware family that had remained under the radar for quite some time. Although the malware had gone undetected, retrospective analysis revealed previous malicious campaigns involving an Austrian digital authentication app and another financial service.

Analysis of the malware further revealed its true nature: a banking Trojan targeting mobile users. Once installed, it performs numerous functions to steal users’ data. For example, it displays screen overlays to steal credentials, launches its own WebView to steal session cookies, and sends all stolen data to the C&C server. Additionally, it records device activity including typed text, touches, swipes, apps opened, and information displayed on screen. This way it captures sensitive information well beyond the usual banking details.
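The capabilities listed above map onto a small set of Android manifest indicators that a triage script can flag before an APK is sideloaded: the overlay permission behind credential-stealing screens, an accessibility service (the usual way a trojan records typing, touches and opened apps), the installer permission a dropper needs, and a Chrome-branded label on a package that is not Chrome's. The script below is an added example for defenders and is not code from the article or from ThreatFabric's report; the manifests it parses are constructed samples, and the "high/medium/low" verdict thresholds are this example's own heuristic, not anything the report specifies.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{" + ANDROID_NS + "}"  # prefix for android:* attributes in ElementTree

# Real Android identifiers tied to the behaviours described in the article.
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"          # screen overlays
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"       # key/touch logging
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"      # dropper behaviour
CHROME_PACKAGE = "com.android.chrome"                             # genuine Chrome


def triage_manifest(manifest_xml: str) -> dict:
    """Return the package name, a list of indicator codes, and a heuristic verdict."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    label = app.get(A + "label", "") if app is not None else ""

    # An accessibility service is recognised by its bind permission or intent action.
    a11y_services = []
    for svc in root.iter("service"):
        actions = {act.get(A + "name") for act in svc.iter("action")}
        if svc.get(A + "permission") == A11Y_PERM or A11Y_ACTION in actions:
            a11y_services.append(svc.get(A + "name"))

    findings = []
    if OVERLAY_PERM in perms:
        findings.append("overlay")
    if a11y_services:
        findings.append("accessibility")
    if INSTALL_PERM in perms:
        findings.append("installer")
    if "chrome" in label.lower() and package != CHROME_PACKAGE:
        findings.append("brand-spoof")  # claims to be Chrome but is not Chrome's package

    # Heuristic (this example's own): overlay plus accessibility is the banking-trojan
    # combination; either alone still deserves a closer look.
    if "overlay" in findings and "accessibility" in findings:
        verdict = "high"
    elif "overlay" in findings or "accessibility" in findings:
        verdict = "medium"
    else:
        verdict = "low"
    return {"package": package, "findings": findings,
            "accessibility_services": a11y_services, "verdict": verdict}


# Constructed sample: what a fake "Chrome update" dropper's manifest might look like.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Chrome Update">
    <service android:name=".AccessService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: an ordinary app with network access only.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

In practice the manifest is pulled from the APK with a tool such as apktool or aapt before being fed to this function; the point is that the article's three headline behaviours (overlays, activity recording, sideloaded installation) are visible as declared permissions long before the app runs.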

The researchers shared a detailed technical analysis of the malware in their post. Although they listed most of Brokewell’s current functionality, they expect the malware to gain more capabilities in the future, since they observe it under continued development.


Tracing the Trojan’s origins, the researchers identified “Baron Samedit” as its developer, an actor who has been active for the past two years. Although the threat actor previously provided tools to other cybercriminals, the launch of Brokewell marks them as a separate threat actor in their own right.
