News occasionally spreads online of troubling malware campaigns that put Android users’ data (or even checking accounts) at risk, and a team of researchers from Cleafy has announced that a new threat, named BRATA, has landed in our country as well.

BRATA is difficult to detect and definitely dangerous: with it, an attacker could withdraw money from the victim’s bank account.

How BRATA malware works

The BRATA attack begins with an SMS that appears to come from a bank and contains a link to a website. If the victim clicks on the link, the site asks them to download an ‘anti-spam’ app, adding that a bank operator will contact them soon to discuss the app they are downloading.

The call really does come: a real person tries to convince the victim to download the app which, if installed, would allow hackers to take control of the phone.

Here’s what BRATA might be able to do:

intercept SMS messages and forward them to a C2 server (this function is used to obtain the 2FA passwords that the bank sends via SMS during the login phase or to confirm money transactions)

record the screen and transmit the recording, allowing hackers to capture any sensitive information shown on the display

remove itself from the compromised device to reduce the chance of detection

uninstall specific applications (such as antivirus)

disable Google Play Protect to avoid being reported as a suspicious app

change device settings to get more privileges

unlock the device if it is locked with a PIN or pattern

According to the Cleafy team of researchers, the new reports related to the BRATA malware come from Italy, Lithuania and the Netherlands. The advice, therefore, is to always pay close attention to SMS messages containing links.

For more information on how BRATA works, please refer to the article published by Cleafy.