New Malware Family: Brokewell Trojan Can Bypass Android 13+ Restrictions and Access Mobile Banking Assets

Financial institutions are at risk from a new malware family that has the ability to bypass Android 13+ restrictions, giving cybercriminals remote access to mobile banking assets. The Brokewell Trojan is a form of malware that poses as an update to Chrome on Android devices, and once downloaded, it aims to execute malicious actions such as stealing information.

Researchers from ThreatFabric have discovered this Trojan, which they describe as a significant threat to the banking industry. The Brokewell Trojan is actively being developed and constantly adds new commands to bypass Android 13+ restrictions. It presents itself as a Chrome update and uses a fake download page that resembles the legitimate browser page to deliver banking malware and conduct overlay attacks.

The Brokewell Trojan is capable of capturing user credentials through overlay attacks, stealing session cookies, and sending them to a command and control server. Once the cybercriminals obtain access credentials, they can launch attacks to take control of devices by transmitting screens to the server to execute commands.

Experts warn that malware families like Brokewell pose a substantial risk to clients of financial institutions, leading to successful fraud cases that are challenging to detect without appropriate measures in place. Researchers have noted that Brokewell has an accessibility log that captures every event on the device, including keystrokes, application information, and activities. In addition to monitoring victims’ activity, the Trojan can collect device information, call history, geolocation, and record audio among other spyware functionalities.

The developers of Brokewell do not conceal their identity, indicating that the Trojan may be distributed through clandestine channels that could attract other cybercriminals. The Brokewell Android Loader source code is also included in the repository, providing a tool for side-loading applications and bypassing Android 13+ restrictions.

Researchers anticipate a significant impact on the threat landscape with more actors gaining the ability to bypass Android 13+ restrictions potentially becoming a common feature among mobile malware families.

Finally