BRATA, a remote access trojan that has been used to steal banking details in the past, has been updated with a few new capabilities such as GPS tracking and the ability to wipe your phone’s data as a kill-switch.
It has now been updated to attempt to evade antivirus scanners, keylog, and factory reset the smartphone. The malware can be installed on your Android smartphone through an application. These applications are usually deployed on your smartphone through a primary app that can install a secondary app that hides the malware.
The malware captures the login details of the banking apps on your phone and sends it to fraudsters as it can use multiple communication channels. The details can be later used to make fraudulent transactions or it can be sold to criminals on the dark web.
BRATA was first spotted in 2019 as an Android RAT (remote access tool) when it was mainly targeting Brazilian users. Now, there are different variants of BRATA aimed at different audiences, targeting e-banking users in the UK, Poland, Italy, Spain, China, and Latin America.
BRATA makes use of accessibility service permissions to view what’s on your screen, including screenshots and user keystrokes. The biggest change though is the introduction of a remote factory reset, which appears to be executed once a user’s banking details have been successfully stolen.
It is also executed when BRATA suspects it is being run in a virtual environment. This can only be done if you give the app administrator access on your phone. The best way to avoid being infected is to be careful about which apps you provide accessibility or admin access to.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
