The Android malware can steal bank data and take over the mobile phone


The Android platform is plagued with many malware threats, and now another one has appeared. This time, it is primarily bank customers who are in the firing line.

The Dutch security company Threat Fabric has published a new report describing a malware family dubbed “Brokewell” – a banking Trojan with many dangerous features. The Hacker News has written about the matter.

Steals many types of data

Brokewell is designed to steal data, but also has the ability to control the user’s device – making the software extra dangerous, according to the security company.

The malware possesses a wide range of features, including “overlay” functionality, where victims are tricked into giving up data via fake windows from seemingly legitimate institutions, such as banks.

It can also steal cookies, including the session cookies that are used to authenticate the user and which are deleted as soon as the session is over.

According to Threat Fabric, the Brokewell malware sends these session cookies to the hackers’ server as soon as the victim completes the login process. This makes the malware extra dangerous, particularly in connection with banking-related activities.

In addition, the software comes with what the security company calls “accessibility logging” functionality, which means that it can record almost all activity on the compromised device.

This includes, among other things, the interaction with the touch screen on the mobile, information displayed on the screen, text that the user writes and applications that are opened by the user. All this is sent to the attacker’s server.

Can take over the device

The capabilities also include collecting information about the device’s location, and the malware can also gain access to the call history on the mobile.

As if this wasn’t enough, the software can also record audio from the mobile, which can be used to spy on the user and potentially collect data that can be used for further mischief.

Not least, Brokewell has so-called “device takeover” functionality, which enables the attackers to execute a number of different commands on the device. These include, among other things, streaming of the screen content, emulation (imitation) of touch commands, clicking on specific elements and more.

“We expect that this malware family will continue to develop, considering that we have observed almost daily updates of the malware. Malware families such as Brokewell pose a significant risk to customers and financial institutions and lead to successful fraud cases that are difficult to detect without adequate detection mechanisms,” writes Threat Fabric.

The security company detected the malware mainly via fake Chrome browser updates, but in general there are many ways to distribute such software, such as phishing and infected apps.

More information on Brokewell can be found in Threat Fabric’s review.
