Android: this banking malware “mutates” to do even more damage

The BRATA banking malware has been targeting Android smartphones since 2018. Its name is an acronym for “Brazilian Remote Access Tool Android” – Brazil being the first country in which it was detected. It is now also well established in Europe, where it spreads hidden in fake applications, including fake antivirus apps. According to Cleafy researchers, BRATA is getting some pretty disturbing new features.

For example, the phishing pages used to collect banking credentials have been updated. The application can access SMS messages (and therefore collect one-time 2FA codes). Furthermore, it can launch the installation of a “second payload” from a remote server, opening the way to other types of attacks in the future. This backdoor potentially allows its operators to install anything on the victims’ smartphones.

Android malware BRATA gets disturbing new features

According to Cleafy, those behind the malware are currently testing new features in an attempt to make their software even more aggressive. For example, a variant discovered in an app named SMSAppSicura.apk uses the same servers, but has the primary purpose of siphoning off SMS conversations – looking for login codes.

Finally, the malware's targeting seems to be narrowing: for a given period, it targets the customers of certain banking institutions as a priority. The researchers explain: “early campaigns of the malware were distributed through mainstream fake applications like antivirus, while in more recent campaigns the malware takes a turn to become an advanced persistent threat against customers of a specific Italian bank”.

The Cleafy researchers go on to explain that those responsible for BRATA “are now focusing on targeting a specific bank for a few months before moving on to another target”. If you think that your Android smartphone is likely to be infected with malware, we advise you to opt for suitable antivirus software.
