Watch Out! This Android Malware Breaks into Accounts and Deletes Phone Data

 


Operating systems and software are not the only things that get updated: malware is also constantly revised, and its capabilities keep getting more dangerous. The latest variant of the BRATA malware, for example, can delete the data on a phone after breaking into the victim's account.

Victims of Android malware are usually advised to perform a factory reset to clean the infection from their phones. BRATA, however, performs the factory reset itself to cover its tracks after sending money from the victim's bank account.



BRATA, or Brazilian Android RAT, was first discovered by Kaspersky researchers in 2019. At that time this malware only targeted Android users in Brazil, but now its scope has expanded to include banks and financial institutions in the UK, Poland, Italy, and Latin America.


Cybersecurity company Cleafy found that BRATA has continued to be developed and now has three variants. Its feature set has also grown and now includes a factory reset capability, GPS tracking, keylogging, and evasion of antivirus detection.


The malware spreads via SMS messages that pretend to come from a bank and contain a link to download a bogus anti-spam application called 'iSecurity'. This application is then used to download and execute malicious software.


"Once the victim installs the downloader application, it only requires one permission to download and install malicious applications from untrusted sources," Cleafy said in its blog, as quoted by The Hacker News, Wednesday (26/1/2022).


"When the victim clicks the install button, the downloader application will send a GET request to the C2 (command-and-control) server to download the malicious APK," it continued.


The BRATA malware can then peek into the victim's bank account after getting Android Accessibility Services permission. This malware can also take screenshots of the victim's screen and send this information to a hacker-controlled server.


To perform a factory reset, the malware tricks the user into granting it 'device admin' access, which allows the app to wipe all data, change the lock screen, and set password rules.


The factory reset is used as a kill switch after the hacker has managed to send money from the victim's account without their knowledge. With it, all evidence is lost and victims find it difficult to report the fraud.



There are several things users can do to avoid Android malware attacks like BRATA. The best way is to install apps from the Google Play Store, avoid downloading APKs from untrusted sites, and always scan the device with antivirus apps.


During the installation process, pay attention to the permissions requested and do not grant permissions that do not match the application's function. Finally, pay attention to battery consumption and traffic volume to spot whether any malicious processes are running silently.
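The permission check described above can also be done on an APK's manifest before anything is installed. The following is an added example, not code from Cleafy or from this article: it flags the three capabilities mentioned in the report (installing other apps, an Accessibility service, a device admin receiver) in one manifest. It assumes the manifest has already been decoded to text XML (for example with apktool); the sample manifests, package names and the "two or more" review threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"          # install further APKs
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"  # read/drive the screen
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"            # wipe, lock screen, password rules

def components(root, tag, permission):
    """Names of <service>/<receiver> components guarded by the given bind permission."""
    return [c.get(NS + "name") for c in root.iter(tag)
            if c.get(NS + "permission") == permission]

def triage_manifest(manifest_xml):
    """Report which capabilities from the article a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NS + "name") for p in root.iter("uses-permission")}
    findings = {
        "installs_apks": INSTALL in requested,
        "accessibility_services": components(root, "service", ACCESSIBILITY),
        "device_admin_receivers": components(root, "receiver", DEVICE_ADMIN),
    }
    # Each capability has legitimate uses; two or more in one app (an assumed
    # threshold) is what marks it for manual review here.
    findings["review"] = sum(bool(v) for v in findings.values()) >= 2
    return findings

# Constructed sample manifests (package and class names are invented).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.antispam">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".ScreenService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_manifest(xml))
```

A flagged manifest is a reason to look closer, not proof of malware: screen readers and enterprise management apps declare some of the same components.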
