
Tech Matters: New threat to mobile banking apps demystified

By Leslie Meredith - Special to the Standard-Examiner | May 1, 2024


Researchers at ThreatFabric have identified a new strain of Android mobile banking malware called Brokewell that can steal a wide range of data from a user’s device and take control of the infected device. The group responsible for the new malware has made no secret of its latest product, advertising Brokewell products (so named because “Well, now you’re broke”) on the dark web.

“The analysis of the samples revealed that Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking,” the ThreatFabric team wrote in their post. “We anticipate further evolution of this malware family, as we’ve already observed almost daily updates to the malware.” They believe Brokewell will be marketed as a rental service to other cybercriminals.

People who use phones that run Android should be alert to this threat. Most often, the malware is disguised as a Google Chrome web browser update page, using a design similar to the real Chrome installation page. The cybercriminals are banking on users doing a cursory check or no check at all and simply tapping update.

If you see a prompt to update Chrome on your Android device, do not proceed. Check the message. Instead of Google’s authentic text that reads “The browser built to be yours,” the malicious page reads “An update is required yours.” Yes, it’s an obvious error, and you won’t find typos on legitimate Google pages.

Once installed, Brokewell malware extracts login credentials by displaying phishing screens over your real mobile banking login screen. It can simulate screen touches, swipes and presses, enter text, and perform other mechanical actions such as adjusting the brightness of the screen and making the phone vibrate. It also has spyware functions that collect device data, geolocation details and call logs, and it can record audio and livestream the screen. Simply put, it can transfer money right out of your accounts.

Android users should be automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. To check, open the Google Play Store app on your phone and tap the profile icon at the top right. Tap “Play Protect” and then “Settings” (look for the gear icon). Confirm Play Protect is on. If at any time you receive a notification from Google about a harmful app, you will want to remove the app. Tap the notification and then tap “Uninstall.”

Brokewell is just the latest in a constant stream of malware threats that can affect any of your devices connected to the internet. Using security software for both mobile and computers is always a good idea, but sadly, we’ll never have a “set it and forget it” environment. Think of security software as a tool, not as a replacement for your vigilance.

What can you realistically expect from security software? As with Android, Windows computers have come with antivirus software built into the system since Windows 8. Microsoft Defender is free and runs automatically in the background. Apple also includes protection built into macOS, called XProtect. The latest version was released in February and should have been automatically installed with your system update. Keep automatic updates turned on for your computers to ensure you don’t miss an important one.

Some users believe antivirus software noticeably slows down their PC. This was true 20 or more years ago, but not today. Antivirus software runs in the background and is most active when you launch an application, yet you still shouldn’t notice much of a slowdown and, likely, none at all. If you find your machine is sluggish, look for another cause.

Suppose it’s been a while since you’ve used antivirus software because you have an older PC or have turned off Microsoft Defender or another product. In that case, you will be pleasantly surprised that today’s security software runs automatically. You will not have to go into the program to run a scan and then wait for the results. Comprehensive scans are scheduled for times when you are not using the machine. You will receive an alert if anything suspicious is found the next time you log on.

Another advantage to modern antivirus programs is that they are regularly updated to detect threats, including known threats as well as new ones. While no antivirus product is guaranteed to catch everything, they will catch most threats. However, your goal is to prevent the threat from ever reaching your device. Most malware arrives by email so be very careful — don’t click on links or open attachments unless you were expecting these from a colleague or friend. And to come full circle, if you use an Android phone, I would remove mobile banking apps altogether because the convenience is not worth the risk.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

