New Trojan Malware Threatens Mobile Banking Industry with Remote Access to Financial Assets

Trojan malware poses a significant threat to the mobile banking industry, as researchers have identified Brokewell, a new family of malware that pretends to be a Chrome update on Android devices. This Trojan is designed to give cybercriminals remote access to mobile banking assets by stealing user credentials and session cookies.

ThreatFabric analysts discovered Brokewell, which disguises itself as a Google Chrome update by presenting a fake browser download page using overlay attacks. The Trojan’s source code includes the Brokewell Android Loader tool, which helps to bypass Android 13+ restrictions on side-loading applications.

Brokewell is constantly evolving, adding new commands almost daily to bypass restrictions on Android 13+ devices. In addition to capturing keystrokes and information displayed on screen, it has spyware functionalities that collect device information, call history, geolocation, and can even record audio. The developers of Brokewell do not hide their identity, as the repository comes with the signature ‘Baron Samedit.’

This malware has been active for at least two years and has provided tools to other cybercriminals for checking stolen accounts. It poses a significant risk to clients of financial institutions, resulting in successful fraud cases that are difficult to detect without proper measures. The evolving nature of malware like Brokewell shows the need for continued vigilance and security measures to protect against cyber threats in the mobile banking sector.

In conclusion, cybersecurity researchers have identified a new type of Trojan called Brokewell that poses a significant threat to mobile banking assets. This malware disguises itself as a Google Chrome update and uses overlay attacks to capture user credentials and session cookies. It also has spyware functionalities that collect device information, call history, geolocation, and can even record audio. The developers of this malware do not hide their identity and have been active for at least two years. To protect against this evolving threat, it is crucial for continued vigilance and security measures in the mobile banking sector.