android banking :: Article Creator

New Brokewell Malware Takes Over Android Devices, Steals Data

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches.

The malware is delivered through a fake Google Chrome update that is shown while using the web browser. Brokewell is under active development and features a mix of extensive device takeover and remote control capabilities.

Brokewell details

Researchers at fraud risk company ThreatFabric found Brokewell after investigating a fake Chrome update page that dropped a payload, a common method for tricking unsuspecting users into installing malware.

Looking at past campaigns, the researchers found that Brokewell had been used before to target "buy now, pay later" financial services (e.g. Klarna) and to masquerade as an Austrian digital authentication application called ID Austria.

Brokewell's main capabilities are to steal data and offer remote control to attackers.

Data stealing: 

  • Mimics the login screens of targeted applications to steal credentials (overlay attacks).
  • Uses its own WebView to intercept and extract cookies after a user logs into a legitimate site.
  • Captures the victim's interaction with the device, including taps, swipes, and text inputs, to steal sensitive data displayed or entered on the device.
  • Gathers hardware and software details about the device.
  • Retrieves the call logs.
  • Determines the physical location of the device.
  • Captures audio using the device's microphone.

Device takeover: 

  • Allows the attacker to see the device's screen in real-time (screen streaming).
  • Executes touch and swipe gestures remotely on the infected device.
  • Allows remote clicking on specified screen elements or coordinates.
  • Enables remote scrolling within elements and typing text into specified fields.
  • Simulates physical button presses like Back, Home, and Recents.
  • Activates the device's screen remotely to make any info available for capture.
  • Adjusts settings like brightness and volume all the way down to zero.

New threat actor and loader

    ThreatFabric reports that the developer behind Brokewell is an individual calling themselves Baron Samedit, who for at least two years had been selling tools for checking stolen accounts.

    The researchers discovered another tool called "Brokewell Android Loader," also developed by Samedit. The tool was hosted on one of the servers acting as a command-and-control server for Brokewell, and it is used by multiple cybercriminals.

    Interestingly, this loader can bypass the restrictions Google introduced in Android 13 and later to prevent abuse of Accessibility Service for side-loaded apps (APKs).

    This bypass has been an issue since mid-2022 and became a bigger problem in late 2023 with the availability of dropper-as-a-service (DaaS) operations offering it as part of their service, as well as malware incorporating the techniques into their custom loaders.

    As highlighted with Brokewell, loaders that bypass restrictions to prevent granting Accessibility Service access to APKs downloaded from shady sources have now become common and widely deployed in the wild.

    Security researchers warn that device takeover capabilities such as those available in the Brokewell banker for Android are in high demand among cybercriminals because they allow them to perform the fraud from the victim's device, thus evading fraud evaluation and detection tools.

    They expect Brokewell to be further developed and offered to other cybercriminals on underground forums as part of a malware-as-a-service (MaaS) operation.

    To protect yourself from Android malware infections, avoid downloading apps or app updates from outside Google Play and ensure that Play Protect is active on your device at all times.

    Google has confirmed to BleepingComputer that Google Play Protect automatically protects users against known versions of this malware.


    Android Device Hijacking Facilitated By New Brokewell Banking Trojan

    BleepingComputer reports that Android devices could have their data compromised and be eventually hijacked in attacks with the novel Brokewell banking trojan.

    Initial compromise was achieved through a fraudulent Google Chrome update page, which when clicked would deploy Brokewell with an extensive set of data theft capabilities, according to a ThreatFabric report.

    Aside from exfiltrating credentials by spoofing targeted apps' login screens and extracting website cookies via WebView, Brokewell also gathers text inputs and other user interactions, call logs, device hardware and software information, and audio. Attackers could also leverage the Android banking trojan to facilitate real-time screen streaming, gesture execution, remote screen clicking and scrolling, and device brightness and volume adjustments, said researchers.

    Such a banking trojan, which has been developed by Baron Samedit who engaged in the sale of other hacking tools during the last two years, could still be enhanced to support a malware-as-a-service operation, researchers added.


    iPhone And Android Owners Told To Ask For The 'Secret Ingredient' On Phone Call – Don't Risk Your Bank Being Emptied

    ASKING a simple question about a so-called secret ingredient could save you from a devastating and costly phone scam.

    Cyber-experts have told The U.S. Sun about a simple but effective scam-busting change to your phone call habits.

    It's a bid to combat a sinister con that uses artificial intelligence to part you from your money.

    Experts say criminals are using AI to clone the voice of a victim's family members, friends, or colleagues – and then using it for fraudulent requests to score easy cash.

    A voice can now be cloned using AI in just a few seconds, making the scam increasingly easy to execute.

    James McQuiggan, security awareness advocate at KnowBe4, told us that if you're worried that you're talking to an AI voice clone, there's a simple trick to employ.

    "Remain calm and ask questions that only the person would know or ask questions that the scammers would not know," James said, speaking to The U.S. Sun.

    "Maybe odd ones like: 'The dinner you cooked last night was fantastic. What was that secret ingredient?'

    "This is based on the fact that they didn't cook dinner, but the scammer will not know that.

    "And will either come up with a bogus response or there will be a long pause as they try to generate a response."

    Using a simple conversational trick like this is an easy way to expose scammers.

    And of course you could invent your own question – just make sure the answer is something a scammer could never answer convincingly.

    It's worth thinking up your own variant of this trick to make sure you're as safe as possible from scammers.

    This is a great trick if you're concerned by an urgent request for money – but there's some other preparation you can do.

    "Another option is to have a passcode or passphrase that must be provided when in doubt," James told us.

    Consider speaking to close friends and family members to set up a codeword.

    That way you can use it when you're worried about a strange request on a phone call.

    And if all else fails, ask direct questions about shared memories that couldn't be answered based on info on the internet.

    Also consider contacting that person via another method – or checking with them in real life.

    It's a major red flag if they're asking for huge sums of money, especially via a strange method like gift cards, cryptocurrency, or a transfer to a new bank account.

    Phone scam statistics

    Americans are bombarded with three billion spam phone calls a month. What are the figures regarding the number of victims and the amount of money lost to fraudsters?

  • In 2022, Americans lost some $39.5 billion to phone scams, with 68.4 million US citizens affected, according to TechReport.
  • The average phone scam victim lost $567.41 each in 2021, a major rise on the 2021 figure of $182 per victim, according to Hiya.
  • The majority of scams happen over the phone, with fraudsters twice as likely to call compared to text in 2021, as reported by the Federal Trade Commission (FTC).
  • In 2021, the US saw a 56% increase in spam phone calls with 60% of those being robocalls.
  • US residents experienced an average of 18 spam phone calls per month, although some experts believe the true figure may be as high as 31 per month.
  • Many phone calls from reputable businesses may be marked wrongly as spam, but 38% of companies have no idea whether they're being marked as "potential fraud" or not, according to Hiya.
  • Never hand over any personal or financial information if you suspect a phone call is a scam. For instance, your bank will never ask you for such details in full over the phone. 
  • To cut down on spam phone calls and scams, sign up for the Do Not Call Registry. Telemarketers, by law, will need to check that list before they call you up.
  • Downloading third-party apps such as Hiya, Nomorobo, or Truecaller can help filter out annoying spam calls.
  • Try not to share your phone number unless you have to, especially online or with sketchy sources.




