New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates

by crpt os


Apr 26, 2024 | Newsroom | Mobile Security / Cybercrime

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell.

“Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,” Dutch security firm ThreatFabric said in an analysis published Thursday.

The malware is said to be in active development, adding new commands to capture touch events, textual information displayed on screen, and the applications a victim launches.

The list of Brokewell apps that masquerade as Google Chrome, ID Austria, and Klarna is as follows –

  • jcwAz.EpLIq.vcAZiUGZpK (Google Chrome)
  • zRFxj.ieubP.lWZzwlluca (ID Austria)
  • com.brkwl.upstracking (Klarna)

Like other recent Android malware families of its kind, Brokewell is capable of getting around restrictions imposed by Google that prevent sideloaded apps from requesting accessibility service permissions.

The banking trojan, once installed and launched for the first time, prompts the victim to grant permissions to the accessibility service, which it subsequently uses to automatically grant other permissions and carry out various malicious activities.

This includes displaying overlay screens on top of targeted apps to pilfer user credentials. It can also steal cookies by launching a WebView and loading the legitimate website, after which the session cookies are intercepted and transmitted to an actor-controlled server.

Some of the other features of Brokewell include the ability to record audio, take screenshots, retrieve call logs, access device location, list installed apps, record every event happening on the device, send SMS messages, make phone calls, install and uninstall apps, and even disable the accessibility service.

The threat actors can also leverage the malware’s remote control functionality to see what’s displayed on screen in real-time, as well as interact with the device through clicks, swipes, and touches.

Brokewell is said to be the work of a developer who goes by the name “Baron Samedit Marais” and manages the “Brokewell Cyber Labs” project, which also includes an Android Loader publicly hosted on Gitea.

The loader is designed to act as a dropper that bypasses accessibility permission restrictions in Android versions 13, 14, and 15, using a technique previously adopted by dropper-as-a-service (DaaS) offerings like SecuriDropper, and then deploys the trojan implant.

By default, the loader apps generated through this process have the package name “com.brkwl.apkstore,” although this can be configured by the user by either providing a specific name or enabling the random package name generator.
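Because the loader can randomize its package name, matching on the names above is not sufficient on its own. The following triage sketch is an added example, not code from ThreatFabric or the original article: it flags the package names reported here and, independently, any third-party app that holds an enabled accessibility service without having been installed by a trusted store. It assumes input captured with `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`; the sample device output and the `org.example.*` names are constructed.

```python
import re

# Package names listed in the article (three lures plus the loader default).
KNOWN_PACKAGES = {"jcwAz.EpLIq.vcAZiUGZpK", "zRFxj.ieubP.lWZzwlluca",
                  "com.brkwl.upstracking", "com.brkwl.apkstore"}
# Assumption: only Google Play counts as a trusted installer; adjust per fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

# Constructed sample output, not taken from a real device.
SAMPLE_PM = """\
package:org.example.notes  installer=com.android.vending
package:com.brkwl.apkstore  installer=null
package:org.example.reader  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = ("org.example.reader/.ReadAloudService:"
               "com.brkwl.apkstore/com.brkwl.apkstore.Svc")


def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers


def parse_a11y_packages(setting_value):
    """Packages owning enabled accessibility services (colon-separated list)."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def triage(pm_output, a11y_setting):
    """Return {package: [reasons]} for third-party apps worth a closer look."""
    a11y = parse_a11y_packages(a11y_setting)
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        reasons = []
        if pkg in KNOWN_PACKAGES:
            reasons.append("package name reported for Brokewell")
        if pkg in a11y and installer not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded app holds an accessibility service")
        if reasons:
            findings[pkg] = reasons
    return findings
```

A hit on the second rule alone is a lead for review rather than a verdict, since legitimate sideloaded tools can also use accessibility services.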

The free availability of the loader means it could be embraced by other threat actors looking to sidestep Android’s security protections.

“Second, existing ‘Dropper-as-a-Service’ offerings that currently provide this capability as a distinctive feature will likely either close their services or attempt to reorganize,” ThreatFabric said.

“This further lowers the entry barrier for cybercriminals looking to distribute mobile malware on modern devices, making it easier for more actors to enter the field.”

Update

A Google spokesperson shared the below statement with The Hacker News –

“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
