web analytics
Home » Technology » Internet » Brokewell Malware Discovered By Researchers Stealing Banking Details Of Users

Brokewell Malware Discovered By Researchers Stealing Banking Details Of Users

Security researchers have discovered a new Android banking Trojan called Brokewell. The malware is particularly dangerous because it appears to be able to record any event on the device and transmit it to unknown third parties.

Fake Chrome update page

This is reported by the online magazine Bleeping Computer which is now warning about the new Brokewell malware. Researchers at fraud risk company ThreatFabric discovered Brokewell after investigating a fake Chrome update page. Users were tricked into downloading a manipulated file containing the Trojan using alleged Chrome app updates.

The malware makers lure their victims to their website by displaying update notifications on other pages that have been adapted to the real update pages – they are not completely identical, but they are good enough to trap many unsuspecting users to let you grope.

Brokewell takes over Android devices with the aim of spying on users, collecting data and then sending it on. According to ThreatFabric, everything can be recorded, from touches on the touch display to information displayed to text input and the applications that the user starts.

According to ThreatFabric, Brokewell is still in active development and already has a mix of comprehensive device takeover and remote control functions.

Brokewell details

Examining previous campaigns, researchers found that Brokewell had previously been used to attack financial services (e.g. Klarna) and impersonate an Austrian digital authentication application called ID Austria.

ThreatFabric also reports that the developer behind Brokewell is a person who calls himself “Baron Samedit” and has been selling stolen account verification tools for at least two years.

The researchers discovered another tool called “Brokewell Android Loader,” which was also developed by Samedit. The tool was hosted on one of the servers that act as command and control servers for Brokewell.

Interestingly, this loader can bypass the restrictions that Google introduced starting with Android 13 to prevent abuse of the accessibility service for sideloaded apps (APKs). This makes the malware particularly dangerous because victims surf in a false sense of security.