Identified as “Brokewell” by the researchers who discovered it, this banking malware targets Android device users in the form of a fake Google Chrome update.
Malware targeting Android comes and goes, and unfortunately it rarely comes back the same. After XLoader, which returned even nastier in February 2024, Brokewell, so named by the researchers at the cybersecurity firm ThreatFabric who discovered it, is also focusing on Google’s open-source operating system. Its way in is a fake Google Chrome update on Android.
The bogus update is the lure: it tricks inattentive users into downloading Brokewell, which then takes over the Android phone on its own and, in the process, loots it, banking data included.
The overlay attack that gives Brokewell full control of Android devices without the user’s knowledge
At first glance, Brokewell appears to behave like any other malware. It hides behind a request to update Google Chrome, sent by text message or email. The user has to click a link that redirects them to a page offering the browser update.
Where it gets complicated is that it is the user who, unknowingly, installs Brokewell on their Android device, believing they are installing the Chrome update. Nothing looks amiss: the victim did the installing and suspects nothing.
Worse still, this banking malware carries out its attack by overlay, that is, it draws its own screens on top of the applications installed on the phone. As soon as the user opens one and performs actions in it, Brokewell records them.
Rounding out its toolkit, this malware, which specializes in looting banking data, has an “accessibility log” that, according to ThreatFabric researchers, captures “every event […] on the device: keys, swipes, display information, text input, and open apps. All actions are recorded and sent to the command and control server, thus stealing all confidential data displayed or entered on the compromised device.” Finally, and as if that wasn’t enough, Brokewell also has a spying feature and can collect your geolocation data or call history. The complete package.
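As an added example (not code from the original article or from ThreatFabric), here is a small triage script a defender could run over the output of two adb commands to spot apps that fit the pattern just described: sideloaded packages holding accessibility access, or packages posing as Chrome. The sample command output and package names are constructed.

```python
# Added triage helper (not from the ThreatFabric report): flags apps that fit
# the Brokewell pattern above: sideloaded (not installed by the Play Store)
# and holding an enabled accessibility service, or posing as Chrome. Input is
# the text of `adb shell pm list packages -i` and
# `adb shell settings get secure enabled_accessibility_services`.
import re

PLAY_STORE = "com.android.vending"
_PM_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)")

# Constructed sample output (not captured from a real device).
SAMPLE_PM_LIST = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.chrome.update  installer=null
package:com.example.notes  installer=com.android.vending
"""
SAMPLE_A11Y = "com.chrome.update/.MonitorService:com.example.notes/.A11ySvc"


def parse_pm_list(text):
    """Map package name -> installer ('null' when installed outside a store)."""
    matches = (_PM_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}


def parse_accessibility(setting):
    """Packages with an enabled accessibility service (entries are pkg/Service)."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {e.split("/", 1)[0] for e in setting.split(":") if e}


def flag_packages(pm_text, a11y_setting):
    """Return [(package, reasons)] for apps that deserve a closer look."""
    a11y = parse_accessibility(a11y_setting)
    findings = []
    for pkg, installer in parse_pm_list(pm_text).items():
        reasons = []
        if installer != PLAY_STORE:
            reasons.append("sideloaded")
        if pkg in a11y:
            reasons.append("accessibility-enabled")
        if "chrome" in pkg.lower() and pkg != "com.android.chrome":
            reasons.append("chrome-lookalike")
        # A Play-installed app with accessibility alone (e.g. a screen reader) is not reported.
        if len(reasons) >= 2 or "chrome-lookalike" in reasons:
            findings.append((pkg, reasons))
    return findings
```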
How to avoid the Brokewell banking malware on an Android device?
ThreatFabric warns that Brokewell is ushering in a new era of banking malware. “We anticipate a further evolution of this malware family, as we have already observed almost daily malware updates,” they explain on their blog. All the more reason to protect yourself from this sneaky malware with a few simple tips.
Be extra careful when downloading an app or update: always go through the official app stores. Never change your security settings to allow installing apps from unknown sources. For added protection, make sure Google Play Protect is turned on.
When downloading an app, take the time to check out the developer and read the reviews carefully to assess its authenticity. Avoid clicking on links in emails or messages that offer direct downloads of apps or updates.
Finally, be wary of apps that appear to be related to established ones, such as Chrome. A quick web search lets you check on the official website whether an update really exists.