JAKARTA – Hackers have released a new malware family called ‘Brokewell’ that is designed to steal Android users’ bank account information. Security researchers warn that it is actively targeting Android users.
It’s a big problem.
The Brokewell trojan currently poses as an update for Google Chrome on Android, sometimes even disguised as a Google advertisement for the update.
Worse, according to the security team’s report, Brokewell ‘seems to be in active development, with new commands added almost every day.’
The malware kit also includes a suite of ‘spyware’ tools that can secretly monitor and remotely control Android users’ mobile devices.
“It can gather information about the device, call history, geographic location, and record audio,” security researchers warned of the dangers of the malware.
Security researchers at ThreatFabric first identified Brokewell through the hackers’ fake Google Chrome update ads, but their ‘retrospective analysis’ found earlier hacking campaigns that used the same malware.
The malware also targets Klarna, a popular ‘buy now, pay later’ financial app, and Austrian ID, an official digital authentication service created by the Austrian national government.
Brokewell’s Two Tactics
Brokewell, according to ThreatFabric, uses two tactics that are increasingly common among similar mobile banking malware:
- Carrying out ‘overlay attacks,’ which draw fake screens on top of targeted banking applications to capture users’ login credentials as they type them.
- Stealing the ‘session cookies’ used by banking apps, so the hackers can later bypass security measures such as two-factor authentication.
Session cookies are temporary cookies that are removed from the device after the user closes the browser. By stealing them, hackers can load them into a new web session and impersonate the user without having to prove their identity.
All of Brokewell’s advanced hacking tools, according to the researchers, increase the likelihood that other hackers will soon adopt the same capabilities to bypass security measures on devices running Android 13 or higher.
The hackers brazenly maintain a repository for their code under the name ‘Brokewell Cyber Labs,’ with the author listed as ‘Baron Samedit.’ The name is a play on Baron Samedi, a well-known figure in Haitian voodoo culture and the villain of the 1973 James Bond film Live and Let Die.