“Brokewell" the new Trojan disguised as a Chrome update that steals banking data
07/05/2024Cybersecurity researchers have identified a new Trojan that poses a serious threat to Android device users, especially those who bank on their phones. The malware, known as "Brokewell", masquerades as a Google Chrome update, allowing cybercriminals to gain remote access to sensitive information. Overlay attacks The discovery was made by security firm ThreatFabric, which has been following the development of this mobile Trojan. According to their report, Brokewell uses overlay attacks to trick users. The technique involves creating a fake screen that is placed on top of a legitimate application, allowing attackers to capture users' access credentials without them realizing it. Additionally, malware can steal session cookies and send them to a command and control (C2) server, giving attackers greater control over the infected device.Once Brokewell manages to infiltrate a device, it can carry out a series of malicious actions, such as screen casting to capture keystrokes and data displayed in open applications. It can also spy on the device, collecting information such as call history, geolocation, and audio recordings. A trojan in constant evolution The threat is especially worrying because the Trojan is constantly evolving. According to ThreatFabric, the Brokewell Cyber Labs repository adds commands and functionality almost daily. The source code includes tools to bypass Android 13+ restrictions, allowing attackers to bypass the operating system's security measures and ultimately compromise the security of users.One clue to Brokewell's developer is the signature "Baron Samedit," which appears in the malware's source code and other places related to its promotion. This person or group is believed to have been active for at least two years, and is known to provide tools to check stolen accounts. Its presence in clandestine channels suggests that the Trojan could gain popularity among other cybercriminals, increasing its reach and the risk of attacks on clients of financial institutions. Malware with risk for the banking sector Cybersecurity experts warn that Brokewell poses a significant risk to the banking sector and that it is essential that Android users stay alert for suspicious updates and have appropriate security measures in place to prevent fraud and the loss of sensitive information.
[ ... ]
Peripherals
Don't let your computer walk alone! Find here the gaming peripherals you need for a comfortable and long gaming session. Equip yourself with the best multimedia peripherals and discover all the basic and office peripherals that will turn your computer into a comfortable workstation.
[ ... ]
Cookies
A cookie is a file that is downloaded to your computer to access certain web pages. Cookies allow a website, among other things, to store and retrieve information about the browsing habits of a user or their equipment and, depending on the information they contain and how you use your computer, they can be used to recognize the user. However, this only means obtaining information related to the number of pages visited, the city assigned the IP address from which you accessed, the number of new users, frequency and recurrence of visits, time of visit, the browser or the operator or terminal type from which the visit takes place. In no event will data be obtained about the full name or address from which the user is connected. The cookies used on this website and the specific purpose of each one are: UTMA Cookie: We use this cookie to count how many times a unique user visits the site. UTMB Cookie: We use this cookie to calculate how long a user stays on a page. UTMZ Cookie: This cookie stores the visitor's origin, the path followed to access the web, either the direct access from a link on another website, from an email link using certain keywords in a search engine, through a display campaign, or through an AdWords ad. UTMC Cookie: The current JavaScript code that Google Analytics uses does not require this cookie. This cookie is used, along with the utmb cookie, to determine if after more than 30 minutes on the same page a new session should or should not be established for the user. This cookie is still written to ensure compatibility with the websites where you installed the old urchin.js tracking code. PHPSESSID Cookie: We use this cookie to identify the relevant user. You can allow, block or delete cookies installed on your computer by setting your browser options. You can find information about how, in relation to the most common browsers, on the links listed below: Explorer: http://windows.microsoft.com/es-es/windows7/how-to-manage-cookies-in-internet-explorer-9 Firefox: http://support.mozilla.org/es/products/firefox/cookies Chrome: http://support.google.com/chrome/bin/answer.py?hl=es&answer=95647 Safari: http://support.apple.com/kb/ph5042 Please note, however, that there is the possibility that disabling any cookie may prevent or hinder navigation or the provision of services offered on this website.
[ ... ]