Disguised as a Chrome update, a new Android malware can take full control of devices


Experts from the security company Threat Fabric sound the alarm about a new Android malware, dubbed Brokewell, which can record everything you do on the device and give attackers direct access to it, zonait.ro writes.

Disguised as a fake Chrome update page, the new malware takes advantage of users’ inattention to infect Android phones and tablets. Once on the device, it can intercept all interactions with the touch screen, the text entered, the images displayed on the screen, the applications you work with and everything else you do on the phone. Remote control options are also available to attackers, who can operate your device directly to access bank accounts and obtain valuable information without having to go through the complications of authenticating on another, unrecognized device.

According to Threat Fabric, Brokewell is part of a “previously undocumented malware family with a wide range of capabilities.” Besides the fake Chrome update page, the malware is also propagated through fake “buy now, pay later” advertising campaigns targeting gullible people, and it has been discovered in a fake digital authentication app called ID Austria. Android users are generally targeted, but this could just be a constraint imposed by the software platform being used, which could be removed once the malware is “ported” to iOS.

Brokewell can mimic the login screens of popular home banking apps, tricking users into giving their login details to attackers. While users are left waiting after a fake error message announcing the temporary unavailability of banking services, attackers are busy emptying their accounts. The malware can also intercept and extract cookies essential for authentication on recognized devices, capture user interactions with the device, collect hardware and software details, retrieve call logs and GPS location coordinates, and even listen to the victim through the microphone.

The attacker can directly see the contents of the screen and even take control of the touch interface. In addition, the attacker can remotely activate the screen and adjust the brightness and volume, so that they can control the device without arousing suspicion while the screen still appears to be off.

Brokewell is developed by an individual identified as Baron Samedit. The hacker has a “checkered” history of developing and selling tools to verify stolen accounts. Their tools are used by many cybercriminals, Threat Fabric reports. One of the tools, called “Brokewell Android Loader”, can bypass the restrictions Google built into the Android operating system to prevent abuse of the accessibility service by apps installed from outside recognized app stores.

The best way to avoid malware is to refuse any unsolicited or unexpected applications, supposed extensions, and updates. Especially on mobile, these are almost never legitimate requests that a service or app provider would make in good faith.
