Fake browser updates are becoming the norm for hackers these days. Cybercriminals have recently been using a previously undocumented malware called Brokewell to infect Android devices.
“Brokewell is a pretty typical banking malware that has both data logger and remote control abilities built into it.”
The malware is said to be in active development and is constantly updated with new commands, such as ones to capture touch events, display all the text information from the affected device, and show how many times an app has been used on the affected device.
Like other recent Android malware, Brokewell is capable of getting around the restrictions imposed by Google that prevent sideloaded apps from requesting accessibility service permissions.
Once this banking trojan is installed and launched for the first time, it prompts the victim to grant it access permission, which it can later use to get other permissions and carry out its activities.
The malware is a loader designed to act as a dropper: it bypasses the accessibility permission restrictions in Android versions 13, 14, and 15, using a technique previously adopted by dropper-as-a-service (DaaS) offerings like SecuriDropper, and then deploys the trojan implant.
The free availability of the loader means it could be embraced by other threat actors looking to sidestep Android’s security protections.
In response to this malware, a Google spokesperson stated that “Android users are automatically protected against any known versions of this malware by Google Play Protect by default.”
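Because the trojan depends on a sideloaded app being granted an accessibility service, a responder can check a device for exactly that combination. The following is an added example, not code from the original article or from any vendor: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags enabled accessibility services whose package was not installed by a trusted store. The package names, the sample data and the `TRUSTED_INSTALLERS` allow-list are constructed assumptions.

```python
# Added example: flag enabled accessibility services that belong to packages
# not installed by a trusted store. All names and sample data are constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def parse_enabled_services(settings_output):
    """Parse the colon-separated `package/ServiceClass` list ('null' if empty)."""
    value = settings_output.strip()
    if not value or value == "null":
        return {}
    services = {}
    for component in value.split(":"):
        package, _, service = component.partition("/")
        if package:
            services.setdefault(package, []).append(service)
    return services

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines: `package:<name>  installer=<name>`."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0]] = installer
    return installers

def flag_sideloaded_accessibility(settings_output, pm_output):
    """Return (package, installer, services) for each suspicious package."""
    installers = parse_installers(pm_output)
    findings = []
    for package, services in sorted(parse_enabled_services(settings_output).items()):
        installer = installers.get(package)  # None: no recorded installer
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, installer, services))
    return findings

# Constructed sample output from the two adb commands.
SAMPLE_SETTINGS = "com.example.screenreader/.ReaderService:com.example.browserupdate/.UpdateService"
SAMPLE_PM = """package:com.example.screenreader  installer=com.android.vending
package:com.example.browserupdate  installer=com.example.dropper
package:com.example.notes  installer=null"""

if __name__ == "__main__":
    for finding in flag_sideloaded_accessibility(SAMPLE_SETTINGS, SAMPLE_PM):
        print(finding)
```

Preloaded system apps also report no installer, so results with an installer of `None` need to be compared against the device's system package list before being treated as sideloaded.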