The malware universe continues to evolve and bring new actors to the spotlight. A Using “Device Takeover” resources among less well-intentioned hackers seems to be in fashion and that’s where a new protagonist comes inidentified by cybersecurity firm ThreatFabric.
O Brokewell, as it has been called, is a banking malware that cleverly disguises itself as a Google Chrome update. It can steal cookies and record everything you do on your phone or tablet or even take command to make money transfers and change passwords.
ThreatFabric analysts found the malware in a Fake browser update page designed to trick people and make them download the malicious application.
As explained, Brokewell uses overlay attacks to show a fake login page to steal credentials of user. Furthermore, is capable of sending all session cookies to a server command and control (C2), when users log in to a website.
Also allows you to record everything that is done on the infected device, from touches to text entry and opening applications. All of this is sent to the C2 server, giving hackers access to a large amount of private data.
To make matters worse, cybercriminals can also use Device Takeover capabilities to take full control of the phone or tablet and use the collected information to initiate bank transfers, change passwords and much more.
ThreatFabric highlights some points about Brokewell. Click on the images for more details.
“Analysis of the samples revealed that Brokewell poses a significant threat to the banking sector, giving attackers remote access to all assets available through mobile banking,” writes ThreatFabric in the report. “The Trojan appears to be in active development, with new commands added almost daily,” he adds.
The company considers that the Brokewell discovery shows the growing demand for Device Takeover capabilities among cybercriminals and predicts further evolution of this malware family. “Brokewell will likely be promoted in underground channels as a rental service, attracting the interest of other cybercriminals and triggering new campaigns targeting different regions.”
Tags: malware pretends Google Chrome update steals large amounts data Internet
