One of the most fearsome Android trojans around just got even nastier

BRATA makes sure that even restoring the device to factory settings isn’t enough

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

One of the most fearsome Android banking trojans has been spotted sporting a major upgrade, making it an even bigger threat.

To make matters worse, BRATA is no longer focused exclusively on Brazilian banks, but has rather set its sights on banks in the UK, as well as Spain, and Italy.

Research from cybersecurity experts Cleafy says the Brazilian Remote Access Tool for Android, AKA BRATA, was observed with new methods of obtaining GPS location data, new ways to send and receive SMS messages, and new ways to obtain much-needed permissions. To top it off, BRATA is capable of deploying additionalmalware, as well, with the ability to log events on the targetendpoint.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

It uses a separate, but related, app to read SMS messages, getting access to two-factor authentication codes, as well as one-time passcodes. This app is also used to obtain contact details for potential victims in the UK, Spain, and Italy.

Factory resetting compromised devices

The trojan is distributed via phishing SMS messages, claiming to be from the target bank, and carrying a download link, while the entire campaign also comes with phishing pages, pretending to be from the targeted banks.

But perhaps the biggest danger coming from BRATA is the fact that if it is successful inwiping the fundsfrom a target account, or if it spots anantivirusscanning for it, BRATA will restore the device to factory settings, wiping all contents from the device.

The attackers will first target customers of a specific bank for a few months, and then move on to a different target, researchers said.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This sophisticated new Android trojan threatens hundreds of financial apps>This nasty Android trojan tricks you with a fake Google Play Store page>This dangerous new Android trojan can hijack your Facebook account

“The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern. This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information,” Cleafysaid.

“Threat actors behind BRATA now target a specific financial institution at a time, and change their focus only once the targeted victim starts to implement consistent countermeasures against them. Then, they move away from the spotlight, to come out with a different target and strategies of infections,” it concluded.

Via:ZDNet

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)