Security researchers have uncovered a new Android banking trojan named Brokewell, capable of capturing every event on the device, from touches and displayed information to text input and launched applications. The malware is distributed through a fake Google Chrome update displayed while using the web browser. Brokewell, still in active development, combines extensive device takeover and remote control capabilities.

Fraud risk company ThreatFabric found Brokewell while investigating a fake Chrome update page that dropped the malware payload, a common method used to deceive unsuspecting users into installing malicious software.

Brokewell's primary capabilities include data theft and remote control. It mimics the login screens of targeted applications to steal credentials using overlay attacks, and uses its own WebView to intercept and extract cookies after a user logs into a legitimate site. Additionally, Brokewell captures the victim's interaction with the device, including taps, swipes, and text inputs, to steal sensitive data. It also gathers hardware and software details, retrieves call logs, determines the device's physical location, and captures audio using the device's microphone.

The trojan allows attackers to view the device's screen in real time, execute touch and swipe gestures remotely, click on specified screen elements or coordinates, scroll within elements, and type text into specified fields. It can also simulate physical button presses like Back, Home, and Recents, activate the device's screen remotely, and adjust settings such as brightness and volume.

ThreatFabric reports that the developer behind Brokewell, known as Baron Samedit, has been selling account-checking tools for at least two years. Furthermore, researchers discovered another tool called "Brokewell Android Loader," also developed by Samedit. Hosted on one of the command and control servers for Brokewell, this loader is used by multiple cybercriminals and can bypass the restrictions introduced by Google in Android 13 and later to prevent abuse of the Accessibility Service by side-loaded apps. This bypass, increasingly problematic since mid-2022, has become more prevalent with the availability of dropper-as-a-service operations and malware incorporating these techniques into custom loaders.

Security experts warn that device takeover capabilities like those in Brokewell are highly sought after by cybercriminals, as they allow fraud to be conducted from the victim's own device, evading fraud detection tools. They anticipate that Brokewell will be further developed and offered to other cybercriminals on underground forums as part of a malware-as-a-service operation.

To protect against Android malware infections, users should avoid downloading apps or updates from sources other than Google Play and ensure that Play Protect is active on their devices.
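The article's two defensive takeaways are that Brokewell arrives as a side-loaded "Chrome update" and that its loader abuses the Accessibility Service. A quick way to triage a device for that combination is to cross-check which packages have an accessibility service enabled against which packages were installed by Google Play. The script below is an added example, not code from the article or from ThreatFabric. It parses the plain-text output of two real adb commands (`adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`); the sample strings embedded in it are constructed, and the package name `com.example.fakechromeupdate` is a placeholder, not an indicator from the article.

```python
"""Triage check: accessibility services enabled for non-Play-Store apps.

Added example (not from the article). Feed it the raw output of:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
The sample strings below are constructed for offline use.
"""
import re

# Installer package name Google Play records for apps it installs.
PLAY_STORE_INSTALLER = "com.android.vending"

# Constructed sample of the secure setting: entries are "pkg/service",
# separated by ':'. An unset value prints the literal string "null".
SAMPLE_ENABLED_SERVICES = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakechromeupdate/.AccService"
)

# Constructed sample of `pm list packages -i`. A side-loaded package
# shows "installer=null" (or a browser/file-manager package name).
SAMPLE_PACKAGE_LIST = """package:com.android.talkback  installer=com.android.vending
package:com.example.fakechromeupdate  installer=null
package:com.android.chrome  installer=com.android.vending
"""

_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_enabled_services(raw):
    """Return a list of (package, service_class) tuples from the setting."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for entry in raw.split(":"):
        if "/" not in entry:
            continue  # tolerate stray separators
        pkg, svc = entry.split("/", 1)
        services.append((pkg, svc))
    return services


def parse_installers(raw):
    """Return {package_name: installer_package_or_'null'}."""
    installers = {}
    for line in raw.splitlines():
        match = _PKG_LINE.match(line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers


def find_sideloaded_accessibility_services(services_raw, packages_raw):
    """Flag enabled accessibility services whose app did not come from Play.

    Each finding records the package, the service class and the installer
    string adb reported ("null" means no installer was recorded, which is
    what a manually side-loaded APK looks like; "unknown" means the package
    was not in the package listing at all).
    """
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, svc in parse_enabled_services(services_raw):
        installer = installers.get(pkg, "unknown")
        if installer != PLAY_STORE_INSTALLER:
            findings.append({"package": pkg, "service": svc, "installer": installer})
    return findings


if __name__ == "__main__":
    for finding in find_sideloaded_accessibility_services(
        SAMPLE_ENABLED_SERVICES, SAMPLE_PACKAGE_LIST
    ):
        print("REVIEW:", finding)
```

An accessibility service enabled for an app that Play did not install is not proof of infection (screen readers and automation tools are legitimately side-loaded), but on a device that recently showed a browser "Chrome update" prompt it is the first thing worth looking at, because it is exactly the permission the article says Brokewell's loader is built to obtain.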
The Microsoft Threat Intelligence team has uncovered a concerning trend involving the misuse of Quick Assist, a client management tool, by a threat actor known as Storm-1811. This ...
Intel's recent Patch Tuesday released 41 security advisories covering over 90 vulnerabilities across their product range. While patches have been provided for most of these iss...
Singing River Health System (SRHS) disclosed that approximately 900,000 individuals were affected by a ransomware attack in August 2023. The breach compromised personal data includ...