Sneaky threat actors are continuing to exploit Android banking trojan BRATA to perform mobile banking fraud, using the nasty malware to monitor an unsuspecting victim’s bank account, perform wire transfers, and factory reset their smartphone to erase any traces.
First spotted by Kaspersky in 2019, the “Brazilian RAT Android” (BRATA) is a known Android remote access tool that originally targeted Android users in Brazil. It has recently started spreading around the globe, including in the UK, Poland, and Italy. Tailored variants for Spain and China have even been spotted.
As reported by cybersecurity fraud prevention company Cleafy (via Tom’s Guide), the cybercriminals behind the malware spread it through messages delivered via WhatsApp or SMS, and even sponsored links in Google searches. Once installed, the threat actors can take full control of a victim’s phone, monitor and clean out their bank account, and factory reset the device via a “kill switch” once the job is done.
As explained by Cleafy, the BRATA attack chain often starts with a fake SMS text containing a link to a website. The SMS mimics the victim’s bank and urges them to download an anti-spam security app, promising that a bank operator will contact them. If clicked, the scam link redirects the victim to a phishing page that looks like the bank’s official website and asks them to enter their private credentials.
To make it all the more convincing, a fake support technician will call the victim to walk them through installing the malicious app and granting the anti-spam app multiple permissions, so the hackers have full control over the phone. The threat actors use the trojan to monitor all of the user’s keystrokes when visiting a banking app, record and take screenshots to retrieve private information, block and forward incoming texts from the victim’s bank for 2FA purposes, uninstall other apps, and wipe the phone clean via factory reset.
The BRATA malware continues to grow, as cybersecurity experts have even discovered it has the potential to track victims via GPS signal. However, the development phase on this “has been currently stopped.”
“According to our findings, we can expect BRATA to keep staying undetected and to keep developing new features,” Cleafy states. It’s a nasty malware that can fool anyone, and Android apps can be a huge cybersecurity risk, especially when they’re found outside the Google Play store. Stay away from links sent via text message from “official” banks or companies. If you are expecting a message and receive a well-timed text, it’s better to head to your bank’s official website and check the link, rather than opening up a link found in an SMS message.
Cybersecurity researchers discovered that Google’s security software detected only 31% of spyware threats on Android devices, failing to recognize 20 out of 29 malicious apps in a security application test. With this in mind, it’s a good idea to take cybersecurity into your own hands and start signing up for the best VPN services, best authenticator apps, and best password managers.