New Brokewell banking malware threatens Android users

29 April 2024. Author: Newsman

ThreatFabric analysts have identified a new Android mobile malware called Brokewell as a significant cyber threat capable of taking complete control of infected devices and stealing sensitive data. The software specifically targets banking applications and puts both the industry and its users at risk by allowing unauthorized remote access to all assets within the application.

Analysts report that the malware is evolving rapidly, with new features being added almost daily. This trend is particularly concerning because it indicates that more and more attackers are able to overcome the most advanced security measures on mobile devices.

Brokewell stands out for its complex set of features, including the capture of keystrokes, swipes and app interactions, and was first discovered in the guise of fake browser updates. All user actions are recorded, and credentials are intercepted through an overlay screen that tricks the user into entering them. The stolen data, including cookies, is sent to a command server controlled by the attacker. The threat actors, known as Baron Samedi, have been active for at least two years, but only recently switched to mobile malware. Their actions also include the development of tools designed to bypass Android 13+ security measures, indicating the level of sophistication of the attacks.

The fact that the loader used by Brokewell was made public indicates the potential for its further adaptation. In addition to stealing personal and financial information, the malware also targets common postpaid services and digital authentication applications, expanding its scope to various aspects of financial transactions.

The Brokewell revelations are an important reminder that the cybersecurity threat landscape is constantly changing. Users and organizations must remain vigilant and proactively update their security protocols to protect against these sophisticated forms of malware. Cybercriminal tactics are constantly evolving, and the importance of robust cybersecurity measures and timely security infrastructure updates cannot be overstated.
