Sunday, November 24, 2024

Android Alert: Brokewell malware targets banking apps and user data

Google Chrome is the default browser on Android. So when a malicious "update" is caught spying on users and accessing their accounts, that is a major problem…

Another warning has just been issued for the hundreds of thousands of Android users who are likely to click on links to apps and updates in messages and emails. As in February, a fake Chrome update is tricking users into putting their devices at risk.

We don't know how many users fell victim to this particular attack, but because it is the second fake Chrome attack in a matter of weeks, all Android users should be wary of clicking on any Google Chrome update link.

Threat Fabric says that this latest Brokewell malware “is equipped with extensive device takeover capabilities… This approach seems harmless (with a carefully crafted page promoting an update to a newer version of the software) and natural (as is the case with normal browser usage) to unsuspecting victims.”

The malware itself is “a previously unknown family of malware with a wide range of capabilities,” including access to banking apps and even full or partial device takeover. The malware is still in development, and new commands are being added “daily.”

Brokewell has also hidden behind other APKs besides the fake Chrome installer, but as we have now seen, posing as the stock Android browser will reach more users than imitating apps with smaller install bases. Earlier this year we saw a warning from McAfee that Android users should not click on links that claim to install Chrome updates on their phones. The threat highlighted there was MoqHao malware, although the technique itself was similar.


While sneaking into your banking apps is bad enough, the malware's ability to capture anything and everything on your device is even worse: “All actions are logged and sent to the command and control server, effectively stealing any sensitive data viewed or entered on the compromised device.” This means any app or service on a user's phone might be compromised, not only those that were originally targeted.

Brokewell creates an overlay screen in front of real apps to capture login credentials. The malware can even steal session cookies, an increasingly common technique for bypassing multi-factor authentication by impersonating an already-authenticated user from another device.

Brokewell's dropper, the app that the user installs first and which then downloads the malware itself, bypasses the accessibility restrictions in Android that are designed to stop exactly this kind of sideloading attack.

Threat Fabric warns that the broader distribution of the new dropper behind this attack “will have a significant impact on the threat landscape – more actors will gain the ability to bypass Android restrictions,” which “underscores the continued demand for such capabilities among cybercriminals. These actors require this functionality to commit fraud directly on victims’ devices, which presents a significant challenge for fraud detection tools that rely heavily on device identification or device fingerprinting.”

Threat Fabric expects the new dropper and malware to spread more widely through the usual “underground channels,” meaning any Android user who is inclined to install apps or updates from outside the official store is at risk.

Users with Google Play Protect enabled on their devices should be protected from known versions of this malware, but the usual rules still apply:

  1. Stick to official app stores: don't use third-party stores, and never change your device's security settings to allow an app to be sideloaded. Also make sure Google Play Protect is enabled on your device.
  2. Check the developer in the app description. Is it someone you want in your life? And look at the reviews: do they appear genuine or artificial?
  3. Don't give an app permissions it shouldn't need: flashlight and stargazing apps don't need access to your contacts and phone. And never grant accessibility permissions that make device control easier unless you have a real need for them.
  4. Never click on links in emails or messages that directly download apps or updates; always use the app store for installations and updates.
  5. Don't install apps that attach themselves to established apps like Chrome unless you know for certain they are legitimate; check reviews and online posts.
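A defender-side triage check for the pattern above (a sideloaded app that has been granted an accessibility service), added here as an example; it is not code from the article or from ThreatFabric's research. It assumes the output line formats of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`; the sample outputs are constructed.

```shell
#!/bin/sh
# Added triage check (not from the article or ThreatFabric): flag third-party
# apps that were NOT installed by the Play Store yet hold an enabled
# accessibility service, the combination the dropper described above relies on.
# Output formats of the two adb commands are assumed; samples are constructed.

# Constructed sample of:  adb shell pm list packages -3 -i
SAMPLE_PACKAGES='package:com.example.bank  installer=com.android.vending
package:com.fake.chromeupdate  installer=null
package:com.example.notes  installer=com.android.vending'

# Constructed sample of:  adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y='com.fake.chromeupdate/.OverlayService:com.example.notes/.ReaderService'

# Packages whose recorded installer is anything other than the Play Store
# (com.android.vending); "null" means no installer is recorded, i.e. sideloaded.
sideloaded_packages() {
  printf '%s\n' "$1" | tr -d '\r' | awk -F'[ =]+' '
    /^package:/ {
      sub(/^package:/, "", $1)
      if ($3 != "com.android.vending") print $1
    }'
}

# Package names that own at least one enabled accessibility service
# (the setting is a colon-separated list of package/service pairs).
accessibility_packages() {
  printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | cut -d/ -f1 | sort -u
}

# Intersection of the two lists: sideloaded apps with accessibility access.
flag_sideloaded_accessibility() {
  for p in $(sideloaded_packages "$1"); do
    for a in $(accessibility_packages "$2"); do
      if [ "$p" = "$a" ]; then echo "$p"; fi
    done
  done
}

# Demo on the constructed samples; prints com.fake.chromeupdate
flag_sideloaded_accessibility "$SAMPLE_PACKAGES" "$SAMPLE_A11Y"

# Live use against a connected device (not run here):
# flag_sideloaded_accessibility "$(adb shell pm list packages -3 -i)" \
#   "$(adb shell settings get secure enabled_accessibility_services)"
```

A hit is a lead, not proof of compromise: legitimate screen readers and automation tools are sideloaded with accessibility access too, so review the flagged package's origin and reviews before acting.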