Understanding Brokewell malware: The emerging threat to Android devices.


What you need to know about Brokewell malware.

Earlier this month, cybersecurity experts revealed a major threat to mobile devices: Brokewell, a newly identified strain of malware targeting Android devices that can steal user information and seize control of infected devices.

How does Brokewell work?

What sets Brokewell apart from earlier “trojan horses” (malicious software hidden inside seemingly legitimate programs so that it can infiltrate systems) is its truly multifaceted approach. Built on a common malware strain that targets banking and financial apps, Brokewell goes a step further by granting attackers remote access to compromised devices.

Brokewell reaches phones and other devices through fake application updates that masquerade as legitimate software upgrades. Common lures include fake Google Chrome browser updates and supposedly urgent updates to digital authentication apps.

Once installed on a user’s device, Brokewell works with devastating speed. The malware overlays fake windows on top of legitimate mobile apps to harvest user credentials, steals browser cookies, and even captures everyday interactions such as touches, swipes, and text input.

The stolen usernames, passwords, search histories, contacts, and other sensitive data are then sent to an external server operated by the attackers, leaving victims exposed to further exploitation such as phishing attempts and social engineering scams that leverage the stolen information.

Brokewell’s capabilities don’t stop there. The malware can also function as spyware, logging call histories and recording audio in an attempt to imitate users’ voice commands. In rare instances, Brokewell has even been shown to live-stream the device, giving attackers full control over their targets.

Who’s responsible for Brokewell?

Digging into the servers of the hacking group responsible for Brokewell, researchers found an online archive called Brokewell Cyber Labs that contains the malware’s source code. Active for two years, the archive lets other hackers add Brokewell to their toolkits while learning how to check stolen accounts from multiple services.

The code appears able to bypass the restrictions that Android 13 and newer place on sideloaded apps’ use of the Accessibility Service, potentially allowing multiple actors to deploy the malware in targeted attacks. Cybersecurity experts fear that the malware’s flexibility will be promoted on the dark web, widening its impact.

How can I protect myself from Brokewell?

As usual with cybersecurity incidents, vigilance is critical to avoid becoming infected. Brokewell represents more than just a problem for specific apps—it’s a threat to every application installed on vulnerable Android devices. Businesses and individuals alike must stay alert, understanding the nature of evolving threats and implementing robust cybersecurity measures to thwart would-be attackers.

CMIT Solutions recommends the following tips to protect mobile devices, safeguard sensitive data, and defend digital identities:

  • Work with a trusted partner to keep software updated. Brokewell exploits vulnerabilities related to unregulated software updates, so the first step is to find a reliable IT expert who can help you safely upgrade your mobile device’s operating system, apps, and security software. These updates often include patches for known vulnerabilities, which can help prevent exploitation by malware like Brokewell. If you haven’t enabled automatic updates or aren’t sure which hardware and software need regular attention, a managed services provider like CMIT Solutions can help ensure you’re always running the latest, most secure versions.
  • Use strong multi-factor authentication. If one password or login method is stolen, MFA offers an extra set of guardrails to protect against hacks, breaches, and data theft. Strong authentication methods include biometrics (fingerprint, face recognition) or single sign-on apps that combine standard passwords with one-time codes delivered via text, email, or phone call. These additional layers of security make it harder for unauthorized individuals to access your device or accounts, even if they manage to swipe your credentials.
  • Exercise caution with app downloads. Be smart about the apps you download and install on your mobile device. Stick to reputable app stores like Google Play or Apple’s App Store, and thoroughly research apps before installing them. Check reviews, ratings, and developer information to ensure legitimacy, and be wary of apps that request unnecessary permissions or display suspicious behavior.
  • Encrypt and back up data regularly, remotely, and redundantly. Mobile devices aren’t always the safest for sensitive data. Smartphones are routinely lost, stolen, or otherwise compromised, leaving the information stored on them vulnerable to attack. Most modern devices offer extra encryption features that scramble data stored on the device, making it unreadable without the proper decryption key. 
  • Deploy comprehensive mobile device management (MDM) plans as well. This advanced layer of software-based security protects the integrity and reliability of mobile devices, as well as the data saved and sent from them. Contrary to popular belief, MDM applies to more than just smartphones, encompassing tablets, laptops, and Internet of Things (IoT) devices as well. A successful MDM solution builds and maintains a secure business network, deploys updates and monitors traffic, and meets compliance requirements for sensitive industries.
  • Educate employees about cybersecurity best practices. Well-documented policies and procedures are one thing—knowledgeable human beings who can follow them are another. For businesses of all sizes, employee education is key to maintaining a strong security posture. When staff are trained on mobile device security, phishing schemes, and the need to avoid risky behaviors like connecting to unsecured Wi-Fi networks, a company’s culture of cybersecurity becomes stronger.

Smartphones are critical to day-to-day operations, facilitating hybrid work and allowing employees to stay connected with colleagues at their company. Given our reliance on them, mobile devices deserve the same level of protection as laptops, desktops, and servers. 

If you’re not sure about the status of your smartphone or worried about security vulnerabilities related to Brokewell and Android devices, CMIT Solutions can help. We treat smartphones as an extension of your business and include them in the multi-layered protection we provide to clients across North America.

We’ve worked with thousands of businesses to identify vulnerabilities, fix security gaps, and protect sensitive company data, all while empowering you and your employees to work anytime, anywhere. If you need more help with mobile device management or smartphone security, contact CMIT Solutions today.
