Tube4vids logo

Your daily adult tube feed all in one place!

Urgent warning to Android users over fake Chrome updates that could drain your bank account and leak your location

PUBLISHED
UPDATED
VIEWS

Hackers have unleashed a new bank account-draining malware, appropriately named 'Brokewell,' and security researchers warn that it's targeting Android users.

The Brokewell trojan is currently posing as an update to Google Chrome for Android, at times even impersonating Google's ads for updates.

Worse, according to the team's security report, Brokewell 'appears to be in active development, with new commands added almost daily.'

The malware kit also includes a suite of 'spyware' tools capable of covertly surveilling and remotely controlling an Android user's mobile device.

'It can collect information about the device, call history, geolocation, and record audio,' the security researchers warned. 

Hackers have unleashed a new bank account-draining malware, appropriately named 'Brokewell,' and security researchers warn that it's targeting Android users

Hackers have unleashed a new bank account-draining malware, appropriately named 'Brokewell,' and security researchers warn that it's targeting Android users

Brokewell is currently posing as an update to Google Chrome for Android, at times even impersonating Google's ads for updates (example above), according to the latest advisory from the security researchers at ThreatFabric

Brokewell is currently posing as an update to Google Chrome for Android, at times even impersonating Google's ads for updates (example above), according to the latest advisory from the security researchers at ThreatFabric 

Cybersecurity researchers at the firm ThreatFabric first identified Brokewell via the hackers' faked Google Chrome update ads, but their 'retrospective analysis' discovered prior hacking campaigns using the malware.

This 'previously unseen malware family with a wide range of capabilities,' they wrote, had also targeted Klarna, a popular 'buy now, pay later' financial app, and ID Austria, the official digital authentication service created by Austria's national government.

Brokewell, according to ThreatFabric, employs two increasingly common tactics popular with similar cyber-burglarizing mobile banking malware. 

First it uses 'overlay attacks,' which creates a false screen over the targeted banking app, to steal the user's login credentials as the real user types it in themselves. 

Next, Brokewell actually steals the 'session cookies' used by the banking app, so that the hacker can bypass security measures like two-factor authentication later.

Session cookies are temporary cookies that are erased from a device once the user closers the browser.

By stealing them, hackers can put them into new web sessions and basically impersonate the original users without having to prove their identity. 

All of Brokewell's sophisticated new hacking tools, according to the researchers, will increase the likelihood that other hackers will soon incorporate its ability to bypass security measures on Android devices running Android 13 or higher. Above, known targets of Brokewell now

All of Brokewell's sophisticated new hacking tools, according to the researchers, will increase the likelihood that other hackers will soon incorporate its ability to bypass security measures on Android devices running Android 13 or higher. Above, known targets of Brokewell now

The hackers brazenly host a repository for its code, under the name 'Brokewell Cyber Labs' and the author name 'Baron Samedit.' The name is a pun on Baron Samedi, a figure in Haitian voodoo culture made famous by the James Bond villain in the 1973 film Live and Let Die

The hackers brazenly host a repository for its code, under the name 'Brokewell Cyber Labs' and the author name 'Baron Samedit.' The name is a pun on Baron Samedi, a figure in Haitian voodoo culture made famous by the James Bond villain in the 1973 film Live and Let Die

READ MORE: Hackers are using fake Facebook ads to steal bank account details and personal information ... here's how YOU can stay safe

Facebook users are getting tricked into clicking on fraudulent links that expose personal information and data to scammers. Users should avoid sponsored links and install malware software. 

'After stealing the credentials, the actors can initiate a Device Takeover attack using remote control capabilities,' ThreatFabric warned in their report.

'The malware performs screen streaming and provides the actor [i.e. the hacker] with a range of actions that can be executed on the controlled device, such as touches, swipes, and clicks on specified elements,' they found.  

All of Brokewell's sophisticated new hacking tools, according to the researchers, will increase the likelihood that other hackers will incorporate its ability to bypass the security measures currently on Android devices running Android 13 or higher. 

'During our research, we discovered another dropper [malware that opens the gates for future malware payloads] that bypasses Android 13+ restrictions,' the researchers said. 

'This dropper was developed by the same actor(s) and has been made publicly available,' they noted.

ThreatFabric said that they were able to track down some of the servers used by the malware/spyware hybrid: a command and control (C2) point for managing its victims' infected devices. 

The hackers also brazenly host a repository for its code, complete with a 'read me,' under the name 'Brokewell Cyber Labs' and the author name 'Baron Samedit.'

The name is a pun on Baron Samedi, a figure in Haitian voodoo culture made famous by the James Bond villain of the same name in the 1973 film Live and Let Die.

Comments