Beware the Brokewell Trojan: Android's New enemy disguised as Chrome Update

In the world of Android, a new malicious software dubbed Brokewell has come to light. This banking trojan can hijack devices and pilfer login credentials for various applications, which could result in financial losses in the most severe instances. It sneaks into smartphones under the guise of being an update for Google Chrome.

Beware of false update information
Images source: © Pixabay, Threat Fabric, Dobreprogramy

The team at Threat Fabric has shed light on the threat. The banking trojan known as Brokewell falls into the category of info stealers, worming its way into victims' smartphones to extract specific data and relay it to the attackers' servers. The intel gathered in this manner is then used to facilitate further attacks or pave the way for commandeering social media accounts (with potential “Blik” scams on the horizon) or infiltrating bank accounts to embezzle funds.

As is often the case, users inadvertently contribute to the problem by not recognizing the falsified update notification. The perpetrators have mainly disseminated the Brokewell malware through spurious warnings about a supposedly critical Google Chrome update. Clicking on the prompt (effectively an advert that redirects the user) takes them to a bogus webpage, where they unknowingly download the malicious software.

Authentic (on the left) and fake (on the right) update information © Threat Fabric

In effect, the Brokewell Trojan gains access to all the phone's data and functions. This includes capabilities such as recording audio, capturing the screen, reading GPS location, making calls, sending SMS messages, installing additional software without the user's consent (likely also malicious, enabling further nefarious activities), and relaying any data from the phone to the attackers. Consequently, the smartphone is wholly "subjugated," unbeknownst to the user.

To sidestep similar hazards, it’s critical to exercise caution when downloading apps and updating those already on your device. The most prudent approach is to rely exclusively on official sources of distribution, namely, the Google Play Store, for both new downloads and app updates. In a statement to The Hacker News, Google has asserted that Android is equipped to detect known threats and unauthorized activities perpetrated by apps, thanks to Play Protect, even if the programs were acquired outside the Google Play Store.
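The advice above can be turned into a quick device audit. The following is an added example, not code from Threat Fabric or Google: it parses the output of `adb shell pm list packages -i -3` (third-party apps with their installer) and flags apps that did not come from the Play Store, ranked by how many of the capabilities listed in this article they request. The package names and the permission map (assumed to be collected beforehand, e.g. from `dumpsys package`) are constructed sample data.

```python
import re

# The article's "official source": the Google Play Store installer package.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Manifest permissions behind capabilities the article lists. Screen capture
# has no classic manifest permission, so it is not covered by this check.
RISKY_PERMISSIONS = {
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.ACCESS_FINE_LOCATION": "read GPS location",
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result[m["pkg"]] = m["installer"]
    return result

def audit(pm_output, requested):
    """Return (package, installer, capabilities) for every app not installed
    by a trusted store, apps requesting the most capabilities first."""
    findings = []
    for pkg, installer in parse_installers(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue
        perms = requested.get(pkg, ())
        caps = sorted(RISKY_PERMISSIONS[p] for p in perms if p in RISKY_PERMISSIONS)
        findings.append((pkg, installer, caps))
    return sorted(findings, key=lambda f: (-len(f[2]), f[0]))

# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.fake.browser.update  installer=com.google.android.packageinstaller
package:com.example.sideloaded.game  installer=null
"""
SAMPLE_PERMISSIONS = {
    "com.example.notes": ["android.permission.RECORD_AUDIO"],
    "com.example.fake.browser.update": [
        "android.permission.RECORD_AUDIO", "android.permission.SEND_SMS",
        "android.permission.REQUEST_INSTALL_PACKAGES"],
    "com.example.sideloaded.game": ["android.permission.INTERNET"],
}
```

A sideloaded app is not malicious by itself; the ranking only shows which apps deserve a closer look first.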


© Daily Wrap