Brokewell Malware: A Dangerous New Threat to Financial Institutions on Android Devices

In recent news, cybersecurity researchers have uncovered a dangerous Trojan known as Brokewell that poses as a fake update for Chrome on Android devices. This malware provides cybercriminals with remote access to all assets available through mobile banking, putting financial institutions and their clients at risk.

ThreatFabric, a security firm, analyzed the Brokewell Trojan and found it to be a significant threat to the banking industry. The malware is continually being developed, with new commands added almost daily. It can bypass Android 13+ restrictions and is disguised as an update for Google Chrome.

Brokewell uses overlay attacks to steal user credentials by presenting a fake screen on top of legitimate applications. It can also capture session cookies and send them to a command and control server. Additionally, the malware has an accessibility log that captures user activity, including keystrokes, screen information, call history, geolocation, and audio recordings.

The developers of the Brokewell Trojan are known as ‘Baron Samedit’ and do not hide their identity. They have even created a repository called Brokewell Cyber Labs where they promote this malware to other cybercriminals. The source code of the malware includes the Brokewell Android Loader tool designed to bypass Android 13+ restrictions on side-loading applications.

Experts believe that Baron Samedit has been active for at least two years and provides tools for cybercriminals to steal accounts from various services. These malware families pose a significant risk to clients of financial institutions who use mobile banking apps, leading to successful fraud cases that are challenging to detect. As more actors gain the ability to bypass Android restrictions, this feature may become common among mobile malware.

In conclusion, it is crucial for users of mobile banking apps to exercise caution when downloading updates or software from unknown sources. Financial institutions should also prioritize securing their platforms against such threats and stay updated on emerging risks in the ever-evolving threat landscape of cybersecurity threats in the digital age.