BleepingComputer reports that Android devices could have their data compromised and eventually be hijacked in attacks involving the novel Brokewell banking trojan.
Initial compromise was achieved through a fraudulent Google Chrome update page that, when clicked, would deploy Brokewell, which has an extensive set of data theft capabilities, according to a ThreatFabric report.
Aside from exfiltrating credentials by spoofing targeted apps' login screens and extracting website cookies via WebView, Brokewell also gathers text inputs and other user interactions, call logs, device hardware and software information, and audio. Attackers could also leverage the Android banking trojan to facilitate real-time screen streaming, gesture execution, remote screen clicking and scrolling, and device brightness and volume adjustments, said researchers.
The trojan, developed by Baron Samedit, who has engaged in the sale of other hacking tools during the last two years, could still be enhanced to support a malware-as-a-service operation, researchers added.