The Android malware known as BRATA has received dangerous new features, including GPS tracking, the ability to use multiple communication channels, and a feature that resets the device to remove all traces of malicious activity.
The BRATA malware was first spotted by Kaspersky Lab back in 2019 as an Android RAT (Remote Access Tool) that was mainly aimed at Brazilian users. In December 2021, a Cleafy report highlighted the malware's emergence in Europe, where it was also seen targeting e-banking users and stealing their credentials, in campaigns that involved scammers posing as bank help desk employees.
It has now become known that the latest versions of the BRATA malware are aimed at users of electronic banking services in the UK, Poland, Italy, Spain, China and Latin America. Each variant targets different banks with dedicated overlay sets, languages, and even different apps for the target audience.
The authors use similar obfuscation techniques across all versions, such as packaging the APK file into an encrypted JAR or DEX package. This allows the malware to bypass detection by antivirus programs. BRATA actively searches for antivirus apps present on the device and tries to remove them, and then starts stealing data. The feature list includes screen capture and keylogging, as well as GPS tracking. The application can also perform a full factory reset of the device. The reset is executed once the malware has stolen and transferred the user’s data. BRATA also deletes everything when it detects an attempt to analyze it.
To avoid being infected with BRATA and other malware, experts recommend installing apps only from trusted publishers in the Google Play Store and scanning them with antivirus software before opening them.