Brokewell Trojan masquerades as Chrome update to hijack Android devices
A new threat named Brokewell has surfaced in the Android ecosystem. This banking Trojan can hijack devices and steal application login credentials, potentially leading to financial losses for users. It disguises itself as a Google Chrome update to get onto smartphones.
Researchers at ThreatFabric have published details about this threat. Brokewell, a recognized banking Trojan, falls into the category of info stealers. Malware of this kind sneaks onto victims' smartphones to extract specific data and transmit it to the attackers' servers. Data harvested this way is used to mount further attacks, take over social media profiles, and commit bank fraud.
Often the weak point is the user, who falls for a fake update notification. The operators behind Brokewell distribute the Trojan predominantly through fraudulent alerts about a supposedly mandatory Google Chrome update. Users who interact with these alerts (essentially ads that redirect) land on a bogus site where they inadvertently download the malicious software.
Once Brokewell gains entry, it takes control of every piece of data and functionality on the device. Its capabilities include recording audio, capturing the screen, tracking GPS location, making phone calls, sending SMS messages, secretly installing additional malicious software (likely to cause further harm), and transmitting any collected data back to the attackers. The device is entirely compromised, and the user remains unaware of the intrusion.
To fend off such threats, it is crucial to exercise caution when downloading or updating applications. The most prudent approach is to use only official distribution channels, like the Google Play store (the standard platform for app updates). According to a statement by Google to The Hacker News, Android is equipped with Play Protect, which detects known threats and unauthorized activity by applications, even those installed from outside the Google Play store.