A banking-fraud malware known as BRATA has made news once again when it was determined that it was still alive and was targeting Android users. New research from computer security firm Cleafy has shown that a new BRATA version began circulating in December 2021 and that it is purportedly collecting the bank account information of customers. This malware is extremely dangerous since it also does a factory reset and deletes all of the data on the infected computer.
This virus was first identified in 2019 by Kaspersky Labs researchers. At the time, the trojan was only targeting people who were based in the country of Brazil. According to a recent security study report, new variants of the BRATA malware have been developed to target different e-banking customers in the United Kingdom, Poland, Italy, Spain, China, and Latin America, among other countries.
According to a Kaspersky investigation, the first distribution of this banking malware was through push notifications on hacked websites, as well as through Google Play or other official third-party Android shops.
In addition, it has spread through SMS and popular messaging apps such as WhatsApp. For example, an SMS can be sent to persons who are impersonating a bank in order to make their impersonation more credible. In it, there is a link to a website where the victim is urged to download an anti-spam application for their smartphone. Once this is accomplished, the victims are misled into installing a banking trojan programme.
At this time, it is unclear whether attackers are still employing the same means of disseminating this malware. Reports indicate that some individuals have been targeted by phishing SMS messages that are disguised as banking warnings.
According to Cleafy, the new banking android malware brata is being delivered by a downloader, which has even managed to circumvent antivirus programmes in some instances.
Currently, there are three different variations of this trojan. According to the mentioned source, BRATA.A has been in use in the last few months. There is also the option to make a factory reset, as well as the addition of GPS tracking.
The BRATA.B malware family has comparable capabilities, but the code has been enhanced to be more obfuscated, and it makes use of customised overlay pages for various banks in order to get login information. BRATA.C is a service that assists in the distribution of malware on cellphones. This variation uses the primary app that a victim is originally invited to download to install a secondary app that contains malware on their device.
Keep an eye on which applications are granted accessibility or administrative access on your smartphone to prevent becoming entangled in this web of intrigue and danger. According to the security firm, this banking malware makes advantage of accessibility service rights to watch everything that happens on your computer screen.
In the report, it was stated that “TAs will obtain Accessibility Service permissions during the installation phases to observe the activity performed by the victim and/or use the VNC module to retrieve private information displayed on the device’s screen (for example, bank account balance, transaction history, and more).”
Read More: What does your smartwatch really do with your data?
Read More: 7 Ways to avoid getting your Twitter account hacked
Read More: What is 256 Bit Encryption?