Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device.
The malware is delivered through a fake Google Chrome update that is shown while using the web browser.
Researchers at fraud risk company ThreatFabric found Brokewell after investigating a fake Chrome update page that dropped a payload, a common method for tricking unsuspecting users into installing malware.
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
Interestingly, this loader can bypass the restrictions Google introduced in Android 13 and later to prevent abuse of Accessibility Service for side-loaded apps (APKs).
As highlighted with Brokewell, loaders that bypass restrictions to prevent granting Accessibility Service access to APKs downloaded from shady sources have now become common and widely deployed in the wild.
Advice >> ensure that Play Protect is active on your device at all times.....
@ecksmc 👍🏿
Online banking on an Android phone. There's a sucker born every day.
@Dane lol yeah if you install dodgy apps/software or dodgy updates that's not via Play Store
iPhone ain't any different when it comes to risk: GoldPickaxe trojan or GoldDigger trojan, to name two that affect iOS users
The researchers discovered another tool called "Brokewell Android Loader," also developed by Samedit. The tool was hosted on one of the servers acting as command and control server for Brokewell and it is used by multiple cybercriminals.
Tools sold on the threat actor's website
-- ThreatFabric