Virus targets European banking apps
BRATA, a new banking Trojan, is able to "clean" its victim's smartphone right after stealing money from their bank account.
The BRATA malware has been around since 2019. In concrete terms, it is a scalable Remote Access Trojan (RAT). It monitors a victim's bank account and commits fraud by means of unauthorised transfers.
At the time, it was used as spyware and exclusively targeted Android users in Brazil. It was able to capture a victim's screen in real time. Initially, BRATA spread on the Google Play Store as a fake WhatsApp update. In total, it recorded more than 10,000 downloads, targeting about 500 users per day. Eventually, BRATA disappeared, only to return three years later as a more dangerous variant. In addition to being a spying tool, it now attacks bank data and can render Android smartphones unusable after retrieving sensitive information.
The new BRATA variant
According to Cleafy, the new version of BRATA began appearing last December. It now targets users in the UK, Poland, Italy and Latin America. The malware spreads when users install a download application on their Android device. Specifically, BRATA is spread through malicious applications and SMS messages that appear to be from a bank. The message asks the recipient to take immediate action to protect their data and contains links to "help" them do so. Once the victim has clicked on the link, they are taken to a mobile-only web page that mimics the bank's website. They are then prompted to download a "secure" application from what appears to be their bank's website.
Spying and destruction of the device
Once downloaded, the malware allows the hackers to monitor actions taken on the device. For example, as soon as the user opens a banking application, the action is reported and the software quickly captures the login information, which it then sends to the cybercriminal. The updated version of BRATA can also "destroy" a smartphone: the hacker remotely performs a factory wipe of the device. For cybercriminals, the purpose of this manipulation is to hide any evidence of the illicit transfer from the victim's online bank account.
Vulnerable applications
Unlike in the Apple ecosystem, anyone can create an application for Android, and with little control. Hackers can therefore easily insert malicious code into an application. This accessibility has an impact on the security of Android users, who are increasingly vulnerable to malware. The best way to avoid this threat is to download applications directly from the Google Play Store. Feedback from other users can be a first indication of the reliability of an application.
Read the full article here: Geeko Le Soir