Android Malware ‘Brokewell’ Spreads via Fake Browser Updates

A newly discovered Android malware, dubbed Brokewell, is circulating through fake browser updates, posing a significant threat to users’ financial and personal information.

According to the report, Brokewell is a sophisticated banking malware with data-stealing and remote-control capabilities. It is continuously evolving, incorporating new commands to capture touch events, screen text, and launched applications.

The malware disguises itself as popular apps such as Google Chrome, ID Austria, and Klarna to deceive users. Once installed, Brokewell bypasses Google’s security measures and requests accessibility service permissions, enabling it to carry out malicious activities.

Among its capabilities, Brokewell can display overlay screens to steal user credentials, intercept session cookies, record audio, take screenshots, access device location, retrieve call logs, and send SMS messages. Additionally, it can install and uninstall apps, record device events, make phone calls, and disable the accessibility service.

The malware also includes remote control functionality, allowing threat actors to monitor and interact with infected devices in real time. The developer behind Brokewell, known as “Baron Samedit Marais,” manages the “Brokewell Cyber Labs” project, which offers an Android Loader publicly hosted on Gitea.

The Android Loader serves as a dropper, bypassing accessibility permission restrictions in specific Android versions and deploying the trojan implant. Its public availability lowers the barrier to distributing Android malware, potentially attracting more threat actors to the field.

The researcher warns that the proliferation of tools like the Android Loader could lead to an influx of mobile malware distribution, further challenging Android’s security defenses. As cybercriminals exploit loopholes in Android’s security architecture, users must remain vigilant and cautious when downloading apps or updates to mitigate the risk of infection.

To protect your Android device from Brokewell and similar malware, it’s essential to only download apps from the official Google Play Store and avoid installing apps from unknown sources. Regularly update your device’s operating system and apps to patch any vulnerabilities that could be exploited by malware. Additionally, use a reputable mobile security app to scan for and remove any malicious software from your device.
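The two warning signs the article keeps returning to are an app that has been granted the accessibility service and an app that did not come from the Play Store. The script below is an added example, not part of the original article and not code from the researchers who analysed Brokewell: it parses the text that `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i` print for a device and flags accessibility services held by packages outside an allowlist, packages whose installer is not the Play Store, and, highest signal of all, packages that are both. The allowlist, the trusted-installer set and the sample device output are all constructed for the example; the package name `com.example.chromeupdate` is a hypothetical stand-in for a fake browser update, not a real Brokewell indicator.

```python
"""Triage helper: flag Android accessibility services and sideloaded packages.

Added example. Parses two pieces of output a defender can collect over adb:
  settings get secure enabled_accessibility_services  -> "pkg/cls:pkg/cls"
  pm list packages -3 -i                              -> "package:NAME  installer=INSTALLER"
The -3 flag restricts the listing to third-party packages; preinstalled
system apps also report installer=null and would otherwise be flagged.
All sample values below are constructed, not captured from a real infection.
"""
from typing import Dict, List, Optional

# Assumed allowlist (hypothetical): accessibility services this device is expected to run.
KNOWN_ACCESSIBILITY_SERVICES = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}

# Installers treated as trusted app sources (Play Store only in this example).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample output standing in for the two adb commands above.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.chromeupdate/com.example.chromeupdate.AccService"
)
SAMPLE_PACKAGES = """package:com.example.chromeupdate  installer=null
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.bank.app  installer=com.android.vending
"""


def parse_enabled_accessibility_services(value: str) -> List[str]:
    """Split the colon-separated secure setting into flattened component names."""
    value = value.strip()
    if not value or value == "null":  # setting unset: no services enabled
        return []
    return [s for s in value.split(":") if s]


def parse_packages_with_installer(listing: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package, or None when installer=null."""
    result: Dict[str, Optional[str]] = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        installer: Optional[str] = None
        rest = rest.strip()
        if rest.startswith("installer="):
            raw = rest[len("installer="):].strip()
            installer = None if raw == "null" else raw
        result[name] = installer
    return result


def find_suspicious(setting_value: str, package_listing: str) -> Dict[str, List[str]]:
    """Cross-reference accessibility grants with install source.

    Returns three lists: services outside the allowlist, packages not installed
    by a trusted installer, and packages that appear in both (the combination
    the article describes: a sideloaded app holding accessibility access).
    """
    services = parse_enabled_accessibility_services(setting_value)
    installers = parse_packages_with_installer(package_listing)
    unexpected = [s for s in services if s not in KNOWN_ACCESSIBILITY_SERVICES]
    sideloaded = sorted(p for p, inst in installers.items() if inst not in TRUSTED_INSTALLERS)
    owning_packages = {s.split("/", 1)[0] for s in unexpected}
    both = sorted(owning_packages & set(sideloaded))
    return {
        "unexpected_services": unexpected,
        "sideloaded": sideloaded,
        "sideloaded_with_accessibility": both,
    }


if __name__ == "__main__":
    for key, items in find_suspicious(SAMPLE_SETTING, SAMPLE_PACKAGES).items():
        print(f"{key}: {items}")
```

On a real device, replace the two constants with the live command output; a hit in `sideloaded_with_accessibility` is the case to investigate first, and the allowlist should be extended with any legitimate accessibility service the user actually relies on so that screen readers are not reported as findings.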