Brokewell Malware Targeting Android Banking Applications

Risk:
high
Damage:
high
Platform(s):
Android OS
Advisory ID:
ngCERT-2024-0017
Version:
N/A
CVE:
N/A
Published:
May 14, 2024

Summary


A new and evolving malware family that targets mobile banking apps on Android smartphones has been discovered. The Android trojan, dubbed Brokewell, is a typical modern banking malware that combines data-stealing and remote-control capabilities: device takeover, remote control, data exfiltration and monitoring. The malware can also bypass the restrictions that Android 13, 14 and 15 place on sideloaded apps' use of the accessibility service, and it is distributed through phishing tactics such as fake browser update pages that trick targets into downloading and installing the malware.

Description & Consequence


The infection chain begins with the attacker deploying fake browser update pages as a phishing lure to get unsuspecting victims to download and install the malware. Once installed and launched, the app prompts the victim to grant it access to the accessibility service, which it then uses to grant itself further permissions automatically and to carry out its malicious activities. These include displaying overlay screens on top of targeted apps to capture user credentials, and stealing, intercepting and transmitting session cookies to an attacker-controlled server. The attacker can further record audio, take screenshots, retrieve call logs, access device location, send SMS messages, make phone calls, install and uninstall apps, and disable the accessibility service. With these capabilities the threat actors can steal the victim's banking credentials from the infected device and carry out other fraudulent activity.

Successful installation of this banking trojan on an Android device could result in the following:

  1. Allow the attacker to steal sensitive financial information.
  2. Allow the attacker to commit financial fraud using the victim's device.
  3. Financial loss.
  4. Reputational damage.
  5. Allow the attacker to monitor the victim's device in real time and manipulate it through clicks, swipes and touches.

Solution


It is therefore recommended that Android phone users should:

  1. Avoid clicking on suspicious links.
  2. Be wary of fake browser or application update pages; legitimate browsers update through the Play Store, not through a web page prompting an APK download.
  3. Ensure that their Android devices and apps are up to date with the latest security patches.
  4. Download apps only from the official Google Play Store and avoid sideloading APKs downloaded from a browser.
  5. Frequently review financial transactions for any unauthorized activity and report it to the bank.
  6. Periodically scan devices with a reputable antivirus app to ensure they are free of malware.
  7. Always review the permissions an app requests before installing it, and be especially wary of any app that asks to be enabled as an accessibility service.
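The accessibility-service abuse described above, combined with the fact that the dropper arrives as a browser download rather than from the Play Store, gives an analyst a cheap triage check: list every package that currently has an accessibility service enabled and cross-reference it with the package's installer. The script below is an added example written for this advisory, not ngCERT's or ThreatFabric's tooling. It parses the output of two commands normally run over adb (`adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`) and flags accessibility-enabled packages that were not installed by the Play Store. The sample outputs embedded in it are constructed, and the package names other than com.android.vending and TalkBack are hypothetical.

```python
"""Triage check for Brokewell-style accessibility-service abuse.

Added example, not part of the ngCERT advisory. Feed it the raw output of:

    adb shell settings get secure enabled_accessibility_services
    adb shell pm list packages -i

and it reports every package that has an accessibility service enabled but
was not installed from a trusted store. Sample outputs below are constructed.
"""
import re
from typing import Dict, List, Tuple

# Installer packages considered trustworthy. OEM app stores (Samsung Galaxy
# Store, etc.) may need to be added for a given fleet; this is an assumption.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_enabled_accessibility(raw: str) -> List[str]:
    """Package names from the enabled_accessibility_services setting.

    The setting is a colon-separated list of component names (package/class).
    It reads "null" or is empty when no accessibility service is enabled.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    packages = []
    for component in raw.split(":"):
        component = component.strip()
        if component:
            packages.append(component.split("/", 1)[0])
    return packages


def parse_installers(raw: str) -> Dict[str, str]:
    """Map package -> installer from `pm list packages -i` output.

    Lines look like `package:com.foo.bar  installer=com.android.vending`.
    A sideloaded app (for example a browser-downloaded APK) typically shows
    `installer=null`.
    """
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")
    installers = {}
    for line in raw.splitlines():
        match = pattern.match(line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers


def find_suspicious(acc_raw: str, pm_raw: str,
                    trusted=TRUSTED_INSTALLERS) -> List[Tuple[str, str]]:
    """Return (package, installer) for each accessibility-enabled package
    whose installer is not trusted. A package that has an accessibility
    service enabled but is missing from the installer list is reported with
    installer "unknown" rather than silently skipped."""
    installers = parse_installers(pm_raw)
    flagged = []
    # dict.fromkeys de-duplicates while preserving order of first appearance
    for pkg in dict.fromkeys(parse_enabled_accessibility(acc_raw)):
        installer = installers.get(pkg, "unknown")
        if installer not in trusted:
            flagged.append((pkg, installer))
    return flagged


# Constructed sample output: TalkBack (legitimate, from the Play Store) and a
# hypothetical "browser update" app that was sideloaded and now runs an
# accessibility service, which is the Brokewell pattern.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.update.chrome/.AccService"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.bank.mobile  installer=com.android.vending
package:com.update.chrome  installer=null
"""

if __name__ == "__main__":
    for pkg, installer in find_suspicious(SAMPLE_ACCESSIBILITY, SAMPLE_PM):
        print(f"SUSPICIOUS: {pkg} has an accessibility service enabled "
              f"(installer={installer})")
```

A hit from this check is not proof of infection on its own (some legitimate tools are sideloaded and use accessibility), but a package that matches both conditions and was installed shortly after a "browser update" prompt should be pulled for analysis and, on a consumer device, uninstalled before any banking app is used again.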
