One of the most terrible Android Trojans just got nastier

One of the most terrible Android Trojans just got nastier

One of the most terrible Android banking Trojans has been detected with a major update, making it an even bigger threat.

To make matters worse, BRATA is no longer exclusively focused on Brazilian banks, but has instead set its sights on UK banks, as well as Spain and Italy.

Research by cyber security experts Cleafy indicates that the Brazilian remote access tool for Android, AKA BRATA, has been observed with new methods of obtaining GPS location data, new ways of sending and receiving SMS messages and new ways of obtain much-needed permits. To top it off, BRATA is also capable of deploying additional malware (opens in a new tab), with the ability to log events on the target endpoint (opens in a new tab).

It uses a separate but related app to read SMS messages, access two-factor authentication codes, as well as one-time passcodes. This app is also used to get contact details of potential victims in the UK, Spain and Italy.

Factory reset of compromised devices

The Trojan is distributed via phishing text messages, pretending to be from the target bank and with a download link, while the entire campaign is also accompanied by phishing pages, pretending to be from the targeted banks.

But perhaps the biggest danger of BRATA is that if it manages to wipe funds (opens in new tab) from a target account, or detects an antivirus (opens in new tab) looking for it, BRATA will restore the device. to factory settings, erasing all content on the device.

The attackers will first target customers of a specific bank for a few months and then move on to a different target, the researchers said.

"The modus operandi now fits into an Advanced Persistent Threat (APT) activity model. This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information," said Cleafy (opens in a new tab).

"The threat actors behind BRATA now target one specific financial institution at a time and only change direction once the targeted victim begins to implement consistent countermeasures against them. They then move their focus away to find a target and infection strategies different," he said. he concluded.

Via: ZDNet (Opens in a new tab)