Android users have been warned of a new malware (malicious software) called ‘Brokewell’.
What is Brokewell?
Researchers (ThreatFabric) have identified Brokewell, a type of malware that targets Android users. Once installed, it is disguised as a legitimate Chrome update and enables ‘accessibility logging’. The malware is designed to gain full control over the victim's device, leading to significant privacy risks and opportunities for financial fraud, ID theft, and more.
How Does Brokewell Work?
Brokewell deceives users into installing a fake Chrome update. Upon executing the supposed update, hackers can then gain access to the device. This access allows them to:
- Capture banking credentials entered on the screen.
- Record audio in real-time.
- Collect extensive device information.
- Access call history.
- Track the user's geographical location.
All activities conducted on the infected device are logged and transmitted to a command-and-control server. This means any application or service on the infected device, regardless of its nature, is vulnerable to compromise.
Who's At Risk?
Brokewell's primary target is Android users. Android users who frequently use banking applications on their phones are at particularly high risk due to the malware's direct financial implications.
How Can People Stay Protected?
Protecting against malware like Brokewell requires vigilance and adherence to best practices in cyber hygiene:
- Beware of Phishing Attempts: Always verify the legitimacy of any request for updates or downloads. Only install software from trusted sources, typically directly from app stores or official websites.
- Install Antivirus Software on Mobile Devices: Use reputable antivirus solutions on your smartphones to detect and prevent malicious software installations.
- Regularly Update Software: Ensure that your operating system and all applications are up-to-date. However, updates should only be downloaded from official platforms.
- Education: Individuals should be aware of the common tactics used by cybercriminals, such as fake updates and phishing emails. Educating friends and family can also help prevent the spread of malware.
- Use Network Security Measures: Employ security solutions that monitor and block suspicious activities on a device. This includes using secure Wi-Fi networks and avoiding public Wi-Fi for financial transactions or sensitive communications.
- Enable Device Security Settings: Activate security settings such as two-factor authentication, which adds an additional layer of protection even if the device is compromised.
Reducing Cyber Risk
DynaRisk’s Cyber Xpert tool is an all-in-one solution for personal use that is designed to simplify cyber risk management. With a combination of educational guides, ongoing monitoring, and passive scans, we provide everyday users with the necessary tools to mitigate cyber threats before they turn into attacks. If you're interested in learning more about our extensive cyber risk solutions, feel free to get in touch with our team for a chat on how we can help your customers stay safe online.