Brokewell Mobile Malware Spreads Through Fake Chrome Updates

Counterfeit browser updates are being used to distribute a previously undocumented Android malware known as Brokewell.

According to an analysis by security researchers published in April 2024, Brokewell is a contemporary banking malware that possesses both data-stealing and remote-control capabilities.

The malware is actively evolving, with ongoing development introducing new commands to capture touch events, on-screen text, and launched applications.

Brokewell disguises itself as various apps, including Google Chrome, ID Austria, and Klarna:

  • jcwAz.EpLIq.vcAZiUGZpK (Google Chrome)
  • zRFxj.ieubP.lWZzwlluca (ID Austria)
  • com.brkwl.upstracking (Klarna)

Like other recent Android malware, Brokewell can circumvent Google's restrictions on sideloaded apps that attempt to request accessibility service permissions.

Once installed and launched, the banking trojan prompts the victim to grant it accessibility service permissions, which it then abuses to grant itself further permissions automatically and carry out its malicious activities.
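A triage check for the indicators above, added here as an example and not part of the original article: it parses constructed `adb shell pm list packages` and `settings get secure enabled_accessibility_services` output, flags the package names reported for Brokewell (plus the loader's default "com.brkwl.apkstore" mentioned later in the article), and flags any other app holding accessibility access that is not on an assumed allow-list (the allow-list entry is hypothetical).

```python
"""Constructed triage helper: match installed packages and enabled accessibility
services against the Brokewell package names from the article."""

# Package names reported for Brokewell, plus the loader's default package name.
BROKEWELL_PACKAGES = {
    "jcwAz.EpLIq.vcAZiUGZpK",  # posing as Google Chrome
    "zRFxj.ieubP.lWZzwlluca",  # posing as ID Austria
    "com.brkwl.upstracking",   # posing as Klarna
    "com.brkwl.apkstore",      # default package name produced by the loader
}

# Hypothetical allow-list of accessibility services expected on managed devices.
TRUSTED_ACCESSIBILITY = {"com.google.android.marvin.talkback"}


def parse_pm_list(output: str) -> set[str]:
    """Parse `pm list packages` lines of the form 'package:<name>'."""
    return {line.strip()[len("package:"):]
            for line in output.splitlines() if line.strip().startswith("package:")}


def parse_accessibility_services(setting: str) -> set[str]:
    """enabled_accessibility_services is a ':'-separated list of
    '<package>/<service class>' entries; return the package part of each."""
    if not setting or setting.strip() == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}


def triage(pm_output: str, accessibility_setting: str) -> dict[str, str]:
    """Return {package: reason} for packages a responder should examine."""
    findings = {}
    for pkg in parse_pm_list(pm_output) & BROKEWELL_PACKAGES:
        findings[pkg] = "known Brokewell package name"
    for pkg in parse_accessibility_services(accessibility_setting):
        if pkg in findings:
            findings[pkg] += "; holds accessibility service"
        elif pkg not in TRUSTED_ACCESSIBILITY:
            findings[pkg] = "untrusted app holds accessibility service"
    return findings


# Constructed sample output, not captured from a real device.
SAMPLE_PM = ("package:com.android.chrome\n"
             "package:jcwAz.EpLIq.vcAZiUGZpK\n"
             "package:com.example.notes\n")
SAMPLE_A11Y = ("jcwAz.EpLIq.vcAZiUGZpK/.svc.MainService:"
               "com.google.android.marvin.talkback/.TalkBackService")

if __name__ == "__main__":
    for pkg, why in sorted(triage(SAMPLE_PM, SAMPLE_A11Y).items()):
        print(f"{pkg}: {why}")
```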

Brokewell Comes With Diverse Malicious Toolkit

Brokewell's capabilities include displaying overlay screens to steal user credentials, intercepting session cookies, recording audio, taking screenshots, accessing call logs and device location, listing installed apps, sending SMS messages, making phone calls, installing/uninstalling apps, and disabling accessibility services.

The malware allows threat actors to remotely view real-time screen content and interact with the device through clicks, swipes, and touches.

Brokewell is attributed to a developer using the pseudonym "Baron Samedit Marais" who manages the "Brokewell Cyber Labs" project. The project includes an Android Loader hosted on Gitea, designed to bypass accessibility permission restrictions on specific Android versions and deploy the trojan implant.

The loader, which functions like a dropper, generates apps with the default package name "com.brkwl.apkstore" and may also be available to other threat actors seeking to evade Android's security measures.
