The most popular mobile platform in the world is not safe heaven, with more users than any other. With large user base cybercriminals target the platform to get the most out of it, and we’ve seen the platform targeted time and time again over the years with varying degrees of success. One malware that has proved to be particularly difficult to shake off has been BRATA, a remote access trojan that has been used to steal banking details in the past. Now an updated version of the malware has been discovered in the wild, and it has a few new capabilities — including the ability to wipe your phone’s data as a kill-switch.
A report from computer security firm Cleafy (via Bleeping Computer) outlines how this new BRATA variant operates. In short, it has now been updated to attempt to evade antivirus scanners, keylog, and factory reset the smartphone. There are different variants of BRATA aimed at different audiences, targeting e-banking users in the UK, Poland, Italy, Spain, China, and Latin America.BRATA.A added the GPS tracking feature and factory reset ability, and BRATA.B has the same features plus more obfuscated code and tailored overlay pages for specific banks to capture login details.
The solution used to deploy the malware on smartphones through BRATA.C is to use a primary app that can then download and install a secondary app with the malware. The best way to avoid being infected is to be careful about which apps you provide accessibility or admin access to. BRATA makes use of accessibility service permissions to view what’s on your screen, including screenshots and user keystrokes.
The biggest change though is the introduction of a remote factory reset, which appears to be executed once a user’s banking details have been successfully stolen. It is also executed when BRATA suspects it is being run in a virtual environment. This can only be done if you give the app administrator access to your phone. There are many pieces of malware circulating online that could potentially infect your smartphone, and the best way to avoid becoming a victim is to ensure vigilance in what apps you install. Typically, the best way to avoid getting caught out is to never give accessibility permissions or administrator permissions to any app and to only install apps from recognized distribution platforms.
It has been a long time since I joined Research Snipers. Though I have been working as a part-time tech-news writer, it feels good to be part of the team. Besides that, I am building a finance-based blog, working as a freelance content writer/blogger, and a video editor.