Research published earlier this week shows that a nasty Android banking malware has evolved, bringing with it a number of alarming new features, including the ability to factory reset your device after stealing your money.
The malware in question is called BRATA, short for “Brazilian Remote Access Tool Android”. As you would expect from its name, it originally appeared in Brazil several years ago, but has since spread to many other parts of the globe. Researchers from the security firm Cleafy wrote this week that the latest version of the malware, first spotted in December, has a number of additional features that give criminals an even better advantage over their victims than previous versions.
Technically, BRATA is a banking trojan, which means it is designed to steal money from banking apps or other financial services. It is also a RAT (remote access tool), which is a generic term for a program that can deploy code remotely to a device. RATs are commonly used by criminals to spread malware.
BRATA developers are notorious for using fake trojanized apps to infiltrate victims’ phones. These apps can be distributed through Google Play or other legitimate sites, where they trick unsuspecting users into installing them. Once installed, the apps ask for intrusive permissions that allow malware operators to gain intimate access to the user’s device.
Trojans are often bundled with keyloggers and other spyware features, and BRATA is no exception. By using the Trojan, the criminals will actually deploy fake login pages on the user’s phone, which will then allow them to harvest credentials to online bank accounts, the researchers write.
The latest version now features an additional capability that allows hackers to erase any evidence of their wrongdoing by factory resetting a device after stealing money from its owner. “This mechanism represents a kill switch for this malware,” the researchers write, noting that the factory reset is frequently seen after a “bank fraud has been completed.” This way, the victim “will waste even more time before realizing that a malicious action has occurred”, they note. In other words, the factory reset mechanism is designed to blind the victim while cyber criminals get away with their ill-gotten gains.
But the factory reset has also been observed when BRATA’s Trojan apps were installed in a virtual environment, researchers say. This is interesting, because researchers usually install malicious programs in virtual environments to study them safely. So the idea is that BRATA’s developers can trigger the malware’s self-destruction to prevent analysis of its code, stopping analysts from reverse-engineering it.
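A defender-side triage check, added here as an illustration and not part of Cleafy’s research or this article: given a decoded app’s AndroidManifest.xml and the device-admin policy file it references, it flags the pairing the article describes, credential-capture capability (overlay drawing or an accessibility service, assumed indicators) together with the device-admin wipe-data policy an app needs to factory reset a phone. The permission and policy names are standard Android ones that the article itself does not name, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed indicators of the fake-login-overlay tactic (not named by the
# article): drawing over other apps, or binding an accessibility service.
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN_BIND = "android.permission.BIND_DEVICE_ADMIN"

def manifest_findings(manifest_xml, admin_policy_xml=""):
    """Scan a decoded AndroidManifest.xml (and the device-admin policy XML it
    references, if any) for the capabilities a BRATA-style app would need."""
    root = ET.fromstring(manifest_xml)
    f = {"overlay": False, "accessibility": False,
         "device_admin": False, "wipe_data": False}
    for up in root.iter("uses-permission"):
        if up.get(ANDROID + "name") == OVERLAY_PERM:
            f["overlay"] = True
    # Components guarded by BIND_* permissions reveal the service/receiver type.
    for comp in root.iter():
        guard = comp.get(ANDROID + "permission")
        if guard == ACCESSIBILITY_BIND:
            f["accessibility"] = True
        elif guard == DEVICE_ADMIN_BIND:
            f["device_admin"] = True
    # Only a device admin whose policy lists wipe-data can factory reset.
    if f["device_admin"] and admin_policy_xml:
        policy = ET.fromstring(admin_policy_xml)
        f["wipe_data"] = policy.find("./uses-policies/wipe-data") is not None
    return f

def risk_label(f):
    """Credential capture paired with a wipe is the combination the article
    describes: steal the login, then reset the phone to hide the theft."""
    capture = f["overlay"] or f["accessibility"]
    if capture and f["wipe_data"]:
        return "HIGH"
    if capture or f["wipe_data"]:
        return "MEDIUM"
    return "LOW"

# Constructed sample files standing in for a decoded app (not a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application><receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN">
    <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin"/>
  </receiver></application></manifest>"""
SAMPLE_POLICY = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><wipe-data/></uses-policies></device-admin>"""
```

Run `risk_label(manifest_findings(SAMPLE_MANIFEST, SAMPLE_POLICY))` on the constructed sample to see the HIGH verdict; on a real decoded app, feed it the manifest and the policy file the `android.app.device_admin` meta-data points at.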
Earlier versions of BRATA have already been witnessed in the United States, and the latest version was recently seen targeting banking institutions in the United Kingdom, Poland and Italy, researchers wrote.
Given BRATA’s reliance on Trojan horse apps, the best defense is to check every app you download – something you should definitely do anyway. In early 2021 it was reported that BRATA apps had slipped onto the Google Play Store, though they were later removed. In general, you should stick to well-known and reliable apps, and avoid programs found on sketchy third-party sites, lest you end up with a phone full of malware.