Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches.
Why are articles about mobile malware or hack tools always written vaguely enough to suggest they’re 0-click? What valuse does an article have if it doesn’t list the steps to get infected or uninfected?
That’s an incredibly vague statement that’d lead most people to think they’re fucked if they so much as open a site that says to update chrome.
Unless it’s using some unmentioned exploit, the user in question needs to:
Download the ‘update’ from their browser instead of play store
Ignore the dangerous download warning chromium browsers show
Run the download
Enable installing apk from their browser / file manager
Ignore that the prompt says ‘install’ and not ‘update’
Ignore the play protect unknown app warning (or dangerous app warning if it recognizes the malware)
Find and enable the accessibility service for the malware
Ignore the accessibility warning
Enable all the other permissions or disable settings app accessibility protection
Unless the app is circumventing the above steps, much more than just a “fake Google Chrome update that is shown while using the web browser.” is needed to get infected. Not specifying if this is just an ordinary app with malicious intentions or if it actually uses exploits to achieve what normally can’t be is misleading.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Why are articles about mobile malware or hack tools always written vaguely enough to suggest they’re 0-click? What valuse does an article have if it doesn’t list the steps to get infected or uninfected?
Not sure what you are talking about. Paragraph 1 has
and the article makes it pretty clear after that that the user is tricked into installing the fake apk.
That’s an incredibly vague statement that’d lead most people to think they’re fucked if they so much as open a site that says to update chrome.
Unless it’s using some unmentioned exploit, the user in question needs to:
Unless the app is circumventing the above steps, much more than just a “fake Google Chrome update that is shown while using the web browser.” is needed to get infected. Not specifying if this is just an ordinary app with malicious intentions or if it actually uses exploits to achieve what normally can’t be is misleading.