
Fake Chrome Update for Android Installs “Brokewell” Trojan, Accessing Banking Apps

TL;DR: A fake Google Chrome update for Android is tricking users into installing the “Brokewell” trojan malware, which collects personal data, accesses banking apps, and allows attackers to remotely control the infected phone.

Android users, beware! A fake Google Chrome update is tricking people into installing a trojan known as “Brokewell.” The malware pretends to be an ordinary app, but once installed on a phone it becomes a serious threat.

The “Brokewell” Trojan

The “Brokewell” trojan is known for collecting phone owners’ data, and it can also allow an attacker to remotely take control of an Android phone. It can spy on users and access their banking apps, which can leave victims financially wiped out.

A significant threat.

ThreatFabric, a Dutch security firm, says that there is a good reason why the word “broke” is included in the name of the trojan. “The analysis of the samples revealed that Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The Trojan appears to be in active development, with new commands added almost daily.”

How the Trojan Works

The “Brokewell” trojan uses a fake Chrome browser update that looks almost like the real thing, making it easy for smartphone users to be tricked into installing it. The malware uses what is known as the “overlay” technique, where a fake screen is placed over a targeted application (such as a banking app) and captures the login info the user types into it, including the username and password for that app.

With “accessibility logging,” the malware captures all touches, text inputs, swipes, apps opened, and information displayed. This data is sent to the command-and-control server, essentially stealing personal data. Because the trojan captures every event, all apps installed on the phone are exposed.

Once the malware steals the phone user’s credentials, the attackers can take over control of the phone remotely.

Protecting Yourself

The “Brokewell” trojan is serious. If you receive a prompt to update the Chrome browser for Android from anywhere other than the Google Play Store, ignore it. You can always update the app via the Google Play Store.
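A device check that follows from the accessibility abuse described above, added here as an example that is not from the original article or from ThreatFabric: it lists packages that have an accessibility service enabled but were not installed by the Play Store. It assumes the text output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` has been captured; the sample output and the `com.example.chrome.update` package name are constructed, and treating a non-Play installer as suspicious is a heuristic.

```python
"""Flag enabled accessibility services that belong to sideloaded packages.

Input is the captured text output of two adb commands:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
"""
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Play Store installs

# Constructed sample output; com.example.chrome.update is a made-up package.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.chrome.update/com.example.chrome.update.Svc"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.chrome.update  installer=null
package:com.android.chrome  installer=com.android.vending
"""

def parse_services(raw):
    """Return package names from a colon-separated list of pkg/class entries."""
    raw = raw.strip()
    if raw in ("", "null"):  # no accessibility service is enabled
        return []
    return [entry.split("/", 1)[0] for entry in raw.split(":") if entry]

def parse_installers(raw):
    """Map package name -> installer (None when no installer is recorded)."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            inst = m.group(2)
            installers[m.group(1)] = None if inst == "null" else inst
    return installers

def suspicious_services(services_raw, packages_raw, trusted=(PLAY_STORE,)):
    """Packages with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(packages_raw)
    return sorted({p for p in parse_services(services_raw)
                   if installers.get(p) not in trusted})

if __name__ == "__main__":
    for pkg in suspicious_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print("review:", pkg)
```

Preinstalled system apps also report `installer=null`, so the result is a list to review by hand, not a verdict.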

Stay vigilant.

UPDATE: Google reached out to us today and gave us the following statement: “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play.”

Vik
