Brokewell Android malware can completely take over your phone

Security researchers at Threat Fabric have discovered a new Android malware family that can capture almost everything a user does on the phone. Dubbed Brokewell, it records touch input, app launches, typed text, what is displayed on the screen, and more. It also has remote-control features that effectively give the attacker full control of the device.

Brokewell Android malware with remote control capabilities discovered

According to Threat Fabric, Brokewell is distributed through a fake Chrome update page, a common lure for tricking unsuspecting users into installing malware themselves: they tap the update button without checking the source and sideload the malicious APK. Once installed, the malware can take over the device and cause extensive damage.


The security firm describes Brokewell as “a previously unseen malware family with a wide range of capabilities.” A retrospective analysis nevertheless turned up earlier campaigns by the same family that targeted “buy now, pay later” financial services and an Austrian digital authentication app called ID Austria. The latest campaign appears to target Android users in general.

Brokewell boasts an extensive set of features that attackers can leverage to steal sensitive data from infected devices. It can mimic login screens of targeted apps, tricking users into giving away their credentials to attackers. The malware can also intercept and extract cookies, capture user interactions with the device, collect hardware and software details, retrieve call logs and location, and capture audio of the surroundings.

The attacker can live stream the screen of the infected device, so they can see everything you do. Brokewell also allows them to remotely execute touch and swipe gestures, click on the screen, type text into specified fields, and simulate physical button presses like Back, Home, and Recents. Additionally, the attacker can activate the screen remotely and adjust the brightness and device volume.

A new attacker is behind this campaign

Threat Fabric attributes Brokewell to a developer operating under the handle Baron Samedit, who has a history of building and selling tools for checking stolen accounts that are used by many cybercriminals. One of these tools, called “Brokewell Android Loader”, can bypass the restrictions Google added to Android to prevent sideloaded apps from abusing the Accessibility Service.

This isn’t the first Android malware to use such a bypass; many threat actors incorporate the technique to avoid or delay detection. Google and other vendors keep tightening these restrictions, and attackers keep finding workarounds. The most effective defence for users is to avoid sideloading: install apps and app updates only from the Google Play Store or another trusted store such as the Galaxy Store, and treat any “update” page served by a website as suspect, since Chrome on Android updates itself through the Play Store rather than through a download link.
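The two conditions described above, an app that was not installed by a trusted store and that nonetheless holds an enabled Accessibility Service, can be checked on a device with two adb commands. The script below is an added triage helper, not code from the article or from Threat Fabric: it parses the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and flags the overlap. It assumes the installer package names of Google Play (`com.android.vending`) and the Galaxy Store (`com.sec.android.app.samsungapps`); the sample package names and the `com.example.*` entries are constructed so the script runs offline. It does not detect the loader’s bypass itself, only the state the bypass leaves behind.

```shell
#!/bin/sh
# Added triage helper (not from the article or Threat Fabric): flag third-party
# packages that were not installed by a trusted store AND hold an enabled
# Accessibility Service, the combination Brokewell-style malware needs.
#
# Live capture (replace the constructed samples below with these outputs):
#   adb shell pm list packages -3 -i
#   adb shell settings get secure enabled_accessibility_services

# Assumption: installer package names of the stores the article calls trusted
# (Google Play and Samsung Galaxy Store).
TRUSTED_INSTALLERS="com.android.vending com.sec.android.app.samsungapps"

# Constructed sample of `pm list packages -3 -i` (com.example.* names are made up).
# -3 excludes system apps, so installer=null means installed via adb or a
# browser download; com.android.packageinstaller means a manually installed APK.
SAMPLE_PACKAGES='package:com.android.chrome  installer=com.android.vending
package:com.example.updater  installer=null
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sidetool  installer=com.android.packageinstaller'

# Constructed sample of enabled_accessibility_services (colon-separated
# package/class pairs; TalkBack is a legitimate service installed from Play).
SAMPLE_SERVICES='com.example.updater/.AccessService:com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService'

# sideloaded_packages: stdin = `pm list packages -3 -i` output; prints one
# package name per line whose installer is not in TRUSTED_INSTALLERS.
sideloaded_packages() {
  awk -v trusted="$TRUSTED_INSTALLERS" -F'[: =]+' '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    /^package:/ { if (!($4 in ok)) print $2 }'
}

# accessibility_packages: stdin = enabled_accessibility_services value; prints
# the package part of every enabled service, one per line ("null" yields nothing).
accessibility_packages() {
  tr ':' '\n' | sed -n 's#^\([^/]*\)/.*#\1#p'
}

# suspicious_accessibility PACKAGES_OUTPUT SERVICES_VALUE: prints packages that
# are both sideloaded and have an enabled Accessibility Service.
suspicious_accessibility() {
  sideloaded=$(printf '%s\n' "$1" | sideloaded_packages)
  [ -n "$sideloaded" ] || return 0   # nothing sideloaded: no findings
  printf '%s\n' "$2" | accessibility_packages | while IFS= read -r pkg; do
    if printf '%s\n' "$sideloaded" | grep -qxF -- "$pkg"; then
      printf '%s\n' "$pkg"
    fi
  done
}

echo "Sideloaded packages with an enabled Accessibility Service:"
suspicious_accessibility "$SAMPLE_PACKAGES" "$SAMPLE_SERVICES"
```

On the constructed sample the only hit is `com.example.updater`; TalkBack is sideloaded-free and `com.example.sidetool` holds no Accessibility Service. A hit is a starting point for triage, not proof of infection: confirm with `adb shell dumpsys package <pkg>` and the APK’s signing certificate before acting.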

Brokewell Android malware samples

John Smith is a seasoned technology writer with a passion for unraveling the complexities of the digital world. With a background in computer science and a keen interest in emerging trends, John has become a sought-after voice in translating intricate technological concepts into accessible and engaging articles.
