Malware that resets your smartphone after stealing all your bank deposits



The remote access Trojan 'BRATA', which has been rampant on Android for nearly three years, has been upgraded. A new BRATA variant has been confirmed to be able to steal all bank deposits and then restore the smartphone to its factory state.

How BRATA is monitoring your bank account | Cleafy Labs

https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account

Android malware can factory-reset phones after draining bank accounts | Ars Technica
https://arstechnica.com/information-technology/2022/01/android-malware-can-factory-reset-phones-after-draining-bank-accounts/

BRATA is Android malware first reported by security giant Kaspersky in January 2019. The functions confirmed at that time included taking screenshots, unlocking the device, stealing device information, launching and uninstalling applications, and sending texts. Because it spread mainly in Brazil, it was named 'BRATA', an acronym of 'Brazilian Remote Administration Tool Android'.

The latest report on BRATA makes clear that two functions have been added: stealing deposits through bank apps, and returning the smartphone itself to the factory default state to erase all evidence. Security company Cleafy detected three variants in December 2021: 'BRATA.A', 'BRATA.B' and 'BRATA.C'. BRATA.A has GPS tracking and the ability to factory-reset the smartphone. BRATA.B has, in addition to those functions, a function to capture and steal bank login information. BRATA.C has been confirmed to act as a stepping stone for installing further malware later.



BRATA.B is said to be the most threatening of the three. It has been confirmed that all keystrokes are sent to the attacker when the bank application is operated on an infected smartphone, making unauthorized remittance of bank deposits with the stolen information possible. It is said to be equipped with a mechanism that triggers the factory reset once the remittance is completed. At the time of the announcement, the purpose of the GPS tracking function installed in BRATA.A and BRATA.B was described as 'unclear', and Cleafy said, 'I expect that malicious features that utilize the GPS tracking function will be added later.'



The original BRATA confirmed in 2019 spread through Google Play and third-party app stores, but the new BRATA is reportedly spreading through phishing messages disguised as warnings from banks instead of these app stores. As mentioned above, the original BRATA was malware that spread in Brazil, but BRATA.B is now active against banks and financial institutions in the United Kingdom, Poland, Italy and Latin America, which suggests that its coverage area is expanding.

in Security, Posted by darkhorse_log