Security researchers are issuing an urgent alert about a new malware attack that’s targeting Android users’ bank accounts.

The malware, which has been nicknamed “Brokewell,” takes the form of a fake Google Chrome browser update webpage that mimics Google’s own messaging style, reports ThreatFabric.

When users are directed to the page, they see a message stating that Chrome needs to be updated.

If users fall for the fake ad, criminals gain full control of the device, allowing them to capture banking credentials as they’re entered on screen as well as record audio, collect information about the device, access call history and track geolocation data.

“The analysis of the samples revealed that Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The Trojan appears to be in active development, with new commands added almost daily.”

ThreatFabric says its analysis shows the malicious application is a previously unknown malware family with a wide range of capabilities.

“Brokewell is equipped with “accessibility logging,” capturing every event happening on the device: touches, swipes, information displayed, text input, and applications opened. All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device…

Malware families like Brokewell pose a significant risk for customers of financial institutions, leading to successful fraud cases that are hard to detect without proper fraud detection measures. We believe that only a comprehensive, multi-layered fraud detection solution—based on a combination of indicators, including device, behavior, and identity risks for each customer—can effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell.”

The Federal Trade Commission (FTC) has released a set of guidelines on how to avoid malware attacks.

Among other things, the agency recommends that people download well-known software directly from the source, avoid clicking potentially suspicious links, ignore pop ups, read browser security alerts and scan devices for malicious activity.

 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney

The post New ‘Brokewell’ Smartphone Attack Drains Bank Accounts and Leaks Location, Posing ‘Significant Threat to Banking Industry’: Report appeared first on The Daily Hodl.

Security researchers are issuing an urgent alert about a new malware attack that’s targeting Android users’ bank accounts.

The malware, which has been nicknamed “Brokewell,” takes the form of a fake Google Chrome browser update webpage that mimics Google’s own messaging style, reports ThreatFabric.

When users are directed to the page, they see a message stating that Chrome needs to be updated.

If users fall for the fake ad, criminals gain full control of the device, allowing them to capture banking credentials as they’re entered on screen as well as record audio, collect information about the device, access call history and track geolocation data.

“The analysis of the samples revealed that Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The Trojan appears to be in active development, with new commands added almost daily.”

ThreatFabric says its analysis shows the malicious application is a previously unknown malware family with a wide range of capabilities.

“Brokewell is equipped with “accessibility logging,” capturing every event happening on the device: touches, swipes, information displayed, text input, and applications opened. All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device…

Malware families like Brokewell pose a significant risk for customers of financial institutions, leading to successful fraud cases that are hard to detect without proper fraud detection measures. We believe that only a comprehensive, multi-layered fraud detection solution—based on a combination of indicators, including device, behavior, and identity risks for each customer—can effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell.”

The Federal Trade Commission (FTC) has released a set of guidelines on how to avoid malware attacks.

Among other things, the agency recommends that people download well-known software directly from the source, avoid clicking potentially suspicious links, ignore pop ups, read browser security alerts and scan devices for malicious activity.

 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney

The post New ‘Brokewell’ Smartphone Attack Drains Bank Accounts and Leaks Location, Posing ‘Significant Threat to Banking Industry’: Report appeared first on The Daily Hodl.