A new cyber threat is emerging for Android users: Brata, a bank fraud Trojan that has been around for at least three years but has now been updated and modified to be even more dangerous. Besides compromising the accounts of any home banking service, the malware is capable of wiping the devices on which it is installed, restoring them to factory settings and thereby deleting all user content and data.

Brata was first described in 2019 by Kaspersky security analysts, who pointed out at the time that the malware targeted individuals with Brazilian bank accounts. It spread through Google Play and third-party marketplaces, but also through compromised websites and links sent through messaging applications.

The problem is that Brata is now back in the limelight with new features, including the ability to completely reset infected devices to factory settings. The purpose here is to eliminate any trace after making an unauthorized transfer and to make the operations necessary to verify and contain any fraud more difficult for the victim.

Among the other features of the new version of Brata are the ability to track the GPS position of the device, to communicate in a more stable manner with the command and control servers, and to constantly monitor the victim's banking applications, also using keylogging to steal authentication information. With the new update, Brata also becomes a more global threat: it is now able to target bank accounts located in Europe and the United States, as well as those in Latin America.







For this release, there is still no evidence that the malware spreads via Google Play or other third-party marketplaces. The main vehicle for the circulation of the malware now appears to be phishing SMS messages masquerading as banking communications. There are reportedly at least three variants of Brata in circulation, all undetected until the security company Cleafy identified them. In particular, Cleafy warns that some variants in circulation are specifically aimed at users in certain countries, including Italy.

Since the malware mainly spreads, as mentioned, via bogus SMS messages, the advice is to pay close attention to any banking communication you may receive (not just via SMS). From Cleafy's analysis it seems that the fake messages lead to the download of equally bogus applications for "additional security", but the suggestion is to adopt a certain level of mistrust even in the face of bank communications that seem legitimate.