Date: 2022-01-26

BRATA malware for Android continues to evolve and is now capable of performing a full phone reset and tracking the device's GPS position. Its field of activity remains e-banking, especially in Italy.

First spotted by Kaspersky in 2019, BRATA returned in June 2021. Cybersecurity firm Cleafy noticed this and wrote a report on the characteristics of the malware in December.

That SMS doesn’t come from the bank



BRATA comes via a fake SMS from the bank inviting you to download an additional app called “Device Security”, “AntiSPAM” or “Advanced Security”.

The app is downloaded from a web page that can only be visited from a phone. The page is also able to acquire the tax code and the security questions of the bank account, because the user enters them in the fields provided.


Once the app has been downloaded, it asks for a series of permissions, including those for SMS and voice call management. The fraudulent app, distributed in APK format, is also “wrapped” in a JAR or DEX package, and this feature allows it to bypass detection by antivirus software.

At this point the malware is active and is able to intercept SMS messages and steal the two-factor authentication code sent by the bank. Given that it can also record the phone screen, it allows the attackers to use social engineering techniques to make users believe they are in communication with legitimate operators of the bank.

Now reset your phone and track the GPS



The new evolution of BRATA has given the malware the ability to perform a factory reset of the phone to erase its traces after a money transfer attempt. It can also track the phone’s GPS and use multiple communication channels (HTTP and TCP) between the phone and the cybercriminals' server.

Furthermore, it can continuously monitor the victim’s banking app through Virtual Network Computing (VNC) and keylogging techniques, that is, it is able to read the keys pressed by the user.

BRATA is certainly active in Italy and Latin America, and is now expanding into the UK and Poland. The advice for avoiding the malware is to not download any app recommended by an SMS that appears to come from the bank, and to always install apps from the Google Play Store.
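
The traits this article lists (the lure app names, the SMS and call permissions, installation from outside Google Play) can be combined into a simple triage check over a device's app inventory. The following is an added example, not code from the article, Cleafy or Kaspersky; the inventory schema, the package names, the mapping to specific Android permissions and the flagging rule are assumptions made for illustration.

```python
import re

P = "android.permission."
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
# App names the article says the lure SMS advertises, normalized.
LURE_LABELS = {"devicesecurity", "antispam", "advancedsecurity"}
# Assumed mapping of "SMS and voice call management" to Android permissions.
SMS_PERMS = {P + n for n in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS")}
CALL_PERMS = {P + n for n in ("CALL_PHONE", "ANSWER_PHONE_CALLS", "READ_CALL_LOG")}
SIDELOADED = "not installed from Google Play"

def normalize(label):
    """Lower-case and drop spaces/punctuation so 'Anti-SPAM' matches 'AntiSPAM'."""
    return re.sub(r"[^a-z0-9]", "", label.casefold())

def triage(app):
    """Return the list of article-derived traits this app record shows."""
    perms = set(app.get("permissions", []))
    reasons = []
    if app.get("installer") != PLAY_STORE:
        reasons.append(SIDELOADED)
    if normalize(app.get("label", "")) in LURE_LABELS:
        reasons.append("label matches a lure name")
    if perms & SMS_PERMS and perms & CALL_PERMS:
        reasons.append("requests both SMS and call permissions")
    return reasons

def review(inventory):
    """Flag apps that are sideloaded AND show at least one other trait."""
    flagged = {}
    for app in inventory:
        reasons = triage(app)
        if SIDELOADED in reasons and len(reasons) >= 2:
            flagged[app["package"]] = reasons
    return flagged

# Constructed sample inventory (hypothetical package names and schema).
SAMPLE = [
    {"package": "com.example.messenger", "label": "Messages",
     "installer": PLAY_STORE, "permissions": [P + "READ_SMS", P + "CALL_PHONE"]},
    {"package": "com.example.devsec", "label": "Device Security",
     "installer": None, "permissions": [P + "RECEIVE_SMS", P + "ANSWER_PHONE_CALLS"]},
    {"package": "com.example.game", "label": "Puzzle",
     "installer": None, "permissions": [P + "INTERNET"]},
]

if __name__ == "__main__":
    for pkg, why in review(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```

A match is a reason to inspect the app, not proof of infection: legitimate apps also request SMS and call permissions, which is why the Play-installed messenger in the sample is not flagged.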