A malware called BRATA is still active and is targeting Android users. A security firm Cleafy, claims that the new variant of BRATA started in December 2021. It steals the bank account details of the users. This trojan is not new, BRATA was previously discovered in 2019 by Kaspersky. At that time, it targeted users in Brazil.
This Android Trojan Wipes your Data
Now, new security research claims that the new variant is targeting different e-banking users living in the UK, Poland, Italy, Spain, China, and Latin America. There are three variants of this trojan, BRATA.A, BRATA.B, and BRATA.C. The first BRATA.A was used in the past few months that adds a GPS tracking feature and can perform a factory reset. BRATA.B also has the same capabilities and has more obfuscated code and tailored overlay pages for a few banks to get login details. BRATA.C uses a primary app; it installs the secondary app with malware. The best way to avoid all this is to always check which apps are providing accessibility or admin access on smartphones. A security firm reported that this banking malware makes use of the service permissions to hack your device. A report stated: “Through BRATA, TAs will obtain Accessibility Service permissions during the installation phases to observe the activity performed by the victim and/or use the VNC module to retrieve private information shown in the device’s screen (Example: bank account balance, transaction history, and more).” This trojan was first spread through push notifications on compromised websites and Google Play or other third-party Android stores. It has spread via SMS and popular messaging apps like Whatsapp. Currently, it is not known whether the same method is used to spread this or not. It is said that some of them are getting phishing text messages that look like banking alerts.