New ‘Brokewell’ smartphone attack empties bank accounts and leaks location, posing ‘significant threat to banking sector’: report

Security researchers are urgently warning of a new malware attack targeting Android users’ bank accounts.

The malware, nicknamed ‘Brokewell’, takes the form of a fake Google Chrome browser update page that mimics Google’s messaging style, ThreatFabric reports.

When users are taken to the page, they will see a message stating that Chrome needs to be updated.

If users fall for the fake ad, criminals gain full control of the device, allowing them to capture banking details as they are entered on the screen, record audio, collect information about the device, and access call history and geolocation data.

“The analysis of the samples showed that Brokewell poses a significant threat to the banking industry as it provides attackers with remote access to all assets available through mobile banking. It appears that the Trojan is in active development, with new commands being added almost daily.”

Source: ThreatFabric/fake ad pictured right

ThreatFabric says the analysis shows the malicious application is a previously unknown malware family with a wide range of capabilities.

“Brokewell features ‘accessibility tracking’, which records every event that happens on the device: touches, swipes, information displayed, text input and applications opened. All actions are recorded and sent to the command-and-control server, effectively stealing any confidential data viewed or entered on the compromised device…

Malware families like Brokewell pose a significant risk to financial institution customers, leading to successful fraud cases that are difficult to detect without proper fraud detection measures. We believe that only a comprehensive, multi-layered fraud detection solution – based on a combination of indicators including device, behavioral and identity risk for each customer – can effectively identify and prevent potential fraud from malware families such as the newly discovered Brokewell.”

The Federal Trade Commission (FTC) has released a set of guidelines on how to avoid malware attacks.

The agency recommends that people download known software directly from the source, avoid clicking potentially suspicious links, ignore pop-ups, read browser security warnings, and scan devices for malicious activity, among other things.
