Devious "Brokewell" trojan masquerades as Chrome browser update to steal your banking data

zohaibahd

Posts: 977   +19
Staff
Why it matters: If you're an Android user, you'll want to keep your eyes peeled for a devious new strain of malware that's been making the rounds. Dubbed "Brokewell" by cybersecurity researchers, this Trojan packs a seriously malicious punch and even lets hackers gain remote access to your phone.

As reported by fraud risk company ThreatFabric, the modus operandi of this malware is deceptively simple - it tricks unsuspecting users into downloading it by disguising itself as an update for Google Chrome. The fake update page looks pretty legit at first glance, using similar visuals and branding as the real Chrome update prompts. But there are some subtle telltale signs that something is amiss, like awkward phrasing and some misplaced visual elements.

Once installed on your device, Brokewell can siphon off your personal data, snoop through banking apps, and even give attackers remote control access to your phone or tablet.

Brokewell does all this by employing some clever trickery involving overlay screens that pop up over your apps to nab login credentials and session cookies, according to the researchers. It can also invisibly log every tap, swipe, and bit of data you enter to hoover up any confidential info.

What's particularly unnerving is that Brokewell seems to be an active work-in-progress. "We anticipate further evolution of this malware family, as we've already observed almost daily updates to the malware," the researchers wrote.

The firm has traced Brokewell back to a hacker called "Baron Samedit" who is apparently selling it along with other shady tools through a shadowy online operation dubbed "Brokewell Cyber Labs." It's even got its own website.

Samedit has been peddling malware like Brokewell for at least a couple of years now. Researchers also uncovered another utility they created called the "Brokewell Android Loader" that helps cybercriminals bypass restrictions in Android 13 to get malware installed.

Worse, the analysts have warned that the ability to bypass Android 13+ restrictions could proliferate among cybercriminals. Just as reading SMS messages became ubiquitous for mobile malware, circumventing OS security measures may become the new norm.

The ability for nasties like Brokewell to essentially take over your device from the inside is a capability that's in hot demand in the cybercrime underworld. That's because it allows fraudsters to perform their misdeeds directly through the victim's phone.

"Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions," writes the analysts.

What can you do to steer clear of Brokewell's crosshairs? As a general rule, never download apps or updates from sources outside the official Google Play Store. Having Google Play Protect turned on is also a must to scan for shady apps - it's usually enabled by default and shields against most threats like these.

Permalink to story:

 
I haven't used chrome on my phone for a long time now, but any update I would do is when chrome is open. You'd see a colored circle with an arrow in it pointing up in the upper right corner. Open that up and there is a spot in the dropdown menu to click to update chrome. Update from there.

Where are people actually going to do an update for their phone's web browser? This blows my mind.
 
IMO, anyone using Chrome on any device and on any operating system is asking for trouble especially after the recent news about Google tracking Chrome users even in private browsing windows. I'll never trust Chrome.

I have an android phone, but I've installed Firefox, Firefox Focus, and Waterfox as my preferred browsers on my phone.

Lastly, I would not dream of updating any app on my phone from anyplace other than the Play Store.

This sounds like a scam intended to take advantage of the not-so-technically-inclined.
 
Good luck in getting anything out of my accounts you'll need access to my 2FA that isn't via sms or email so all you'll get without it is a ballance and anything requiring withdrawals deposits automatic payments etc etc requires 2FA to log in
 
Back