Brokewell Malware Targets Android Users with Data Theft and Banking App Intrusions

By Sophia Taylor

Millions of Android users are being warned about a new and previously undocumented malware threat that masquerades as fake Google Chrome updates, posing significant risks to device security. Dubbed “Brokewell,” this Trojan malware has the capability to steal user data, access banking apps, spy on users, and grant attackers full remote access to Android devices.

According to an analysis by Dutch security firm ThreatFabric, Brokewell presents a substantial threat to the banking industry, enabling attackers to remotely access assets via mobile banking apps. The malware, armed with data-stealing and remote-control capabilities, infiltrates victims’ Android devices by deceiving them into installing the Brokewell Trojan under the guise of a Google Chrome update. It employs a visual design resembling legitimate Chrome installation prompts, albeit with noticeable grammatical errors, a common characteristic of such scams.

Source: ThreatFabric

Once installed, Brokewell overlays screens on top of active apps, capturing login details, stealing session cookies, and even simulating user interactions to pilfer funds from compromised devices.

Described as “a previously unseen malware family with a wide range of capabilities,” Brokewell is continually evolving with regular updates, indicating active development. ThreatFabric traced the origins of the malware to a hacker named Baron Samedit, allegedly selling it along with other malicious tools through a platform called Brokewell Cyber Labs.

The security firm anticipates further evolution of Brokewell, with potential promotion on underground channels as a rental service, attracting interest from cybercriminals for new campaigns targeting different regions.

Protecting Against Android Malware

To safeguard against Android malware threats like Brokewell, users should exercise caution when downloading and installing updates or new apps. Additionally:

  1. Enable Google Play Protect: Ensure that Google Play Protect is enabled on your device, as it can scan existing and new apps for malware.
  2. Stick to official app stores: Third-party stores often have a much less rigorous review process, making it much easier for malware to spread.
  3. Be mindful of what permissions you grant: If an app requests a permission and it’s not obvious why it needs it, deny it. You can always go back and allow it later.
  4. Consider Android Antivirus Apps: Install reputable Android antivirus apps for added protection against malware.