The BRATA Malware
Researchers have detected a new pack of fraudulent Android applications that pretend to be Android security scanners. The harmful apps were found in the official Play Store, and malicious actors have used them to distribute a backdoor focused on collecting personal information from compromised devices.
A quick analysis of the detected threats revealed that the bogus applications prompt users to update their Chrome browser, WhatsApp, or some other app on their Android device. Instead of performing an update, the apps abuse the accessibility services and take full control of the device they are installed on.
Researchers report a notable set of malicious features in these apps. They combine full device control with the ability to display phishing web pages that steal banking credentials, capture lock screen credentials (PINs, passwords, etc.) and keystrokes, and even record the screen of the infected device to monitor the victim’s behavior without their consent.
The malicious applications that deliver the backdoor typically show a fake warning stating that a particular app installed on the Android device (WhatsApp, Chrome, etc.) has a vulnerability and that an update is needed to fix the security problem. As soon as the user installs the fake update, the backdoor is secretly installed.
These malicious applications have been mostly aimed at users in Brazil, Spain, and the USA. Reportedly, some of the bogus apps have already had 1,000 to 5,000 downloads.
The pack of malicious Android apps was first identified in 2019 and has since been known as BRATA, short for “Brazilian Remote Access Tool Android”. Starting as Android malware with screenshot-capturing capabilities, it has slowly evolved into a set of banking Trojan threats, researchers explain.
BRATA’s most recent versions often include additional encryption and obfuscation layers and tend to receive commands from remote servers controlled by the malware operators. This, in turn, enables attackers to quickly upgrade the malware and hack the devices where BRATA apps are installed while remaining completely off the radar.