Android users in the UK are facing a new threat from the Brokewell malware, which has been spreading rapidly through fake adverts on social media. Security firm Bitdefender has issued an urgent warning after detecting a surge in attacks that can give cybercriminals full control of infected devices.
Once installed, Brokewell allows hackers to spy on users, steal data, raid bank accounts, and intercept security codes used to access email and other accounts. The malware is distributed via sponsored messages on platforms like Facebook, offering free access to premium financial services that normally cost thousands of pounds.
Victims are tricked into downloading an official-looking app, which is then side-loaded onto devices, bypassing the safer Google Play Store. Bitdefender's analysis found that the campaign has used 75 malicious ads and may have reached tens of thousands of users in the EU alone.
To protect against Brokewell, Bitdefender advises following four key rules: avoid sideloading apps by only installing from official stores like Google Play; be wary of ads even on trusted platforms; check URLs carefully for lookalike domains; and review app permissions, especially if an app requests accessibility access or lock screen PINs without a clear reason.
This alert follows a separate warning from Zscaler's ThreatLabs, which identified 77 dodgy apps on Google Play laced with the Anatsa malware, designed to steal banking details and enable fraudulent transactions.
