Malware is a malicious program that can affect different electronic devices such as computers, tablets or mobile phones. The term encompasses any kind of malicious software that can damage a system.
BRATA is a malware discovered by Kaspersky in 2019 as an Android RAT aimed especially at Brazilian users. It was not until December 2021 that a Cleafy report warned of its appearance in Europe, when the BRATA malware attacked electronic banking users by stealing their access credentials, with the collaboration of fraudsters posing as agents of the affected banks themselves.
Following its discovery in Europe, Cleafy analysts have continued to monitor BRATA closely for new features. A recently published report describes the latest additions to BRATA.
Custom versions and new features
According to Cleafy’s report, the latest versions of BRATA target online banking in Latin America, China, the UK, Poland, Italy and Spain. Each malware variant targets different banks with dedicated overlay sets in multiple languages, and even different apps, in order to reach a specific audience.
Fraudsters and perpetrators use obfuscation techniques that are very similar across all versions, such as wrapping APK files in an encrypted JAR or DEX package, which helps the malware avoid detection. Before extracting any data, BRATA looks for signs of antivirus software on the device and tries to remove the security tools it detects.
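The packing described above (a code payload hidden as an encrypted JAR or DEX inside the APK) leaves a measurable trace: an asset file whose bytes are near-random, or a .dex/.jar entry outside the normal classes*.dex location. The following is an added triage heuristic written for this article, not code from Cleafy or from any malware sample; the entropy threshold, the asset paths it inspects and the sample APK it builds are all assumptions.

```python
"""Flag APK entries that look like a packed or encrypted secondary code payload."""
import io
import math
import os
import zipfile

ENTROPY_THRESHOLD = 7.5  # bits/byte; encrypted data approaches 8.0 (assumed cut-off)
MIN_SIZE = 4096          # entropy is noisy on tiny files, so ignore them


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy of data, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def suspicious_payloads(apk_bytes: bytes) -> list[str]:
    """Return zip entry names that look like hidden code or an encrypted blob.

    Two signals: a .dex/.jar entry anywhere other than top-level classes*.dex,
    or an assets/ or res/raw/ file whose entropy is close to 8 bits per byte.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            name = info.filename
            lower = name.lower()
            is_code = lower.endswith((".dex", ".jar"))
            standard_dex = lower.startswith("classes") and lower.endswith(".dex") and "/" not in name
            if is_code and not standard_dex:
                flagged.append(name)
                continue
            if lower.startswith(("assets/", "res/raw/")) and info.file_size >= MIN_SIZE:
                if shannon_entropy(z.read(info)) >= ENTROPY_THRESHOLD:
                    flagged.append(name)
    return flagged


def build_sample_apk() -> bytes:
    """Constructed sample, not a real app: a plain layout plus one random-byte asset and one nested jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 10)
        z.writestr("classes.dex", b"dex\n035\0" + b"\0" * 8192)       # normal primary dex
        z.writestr("assets/strings.txt", b"hello world\n" * 1000)     # low-entropy text
        z.writestr("assets/config.bin", os.urandom(16384))           # stands in for an encrypted payload
        z.writestr("assets/lib/helper.jar", b"PK\x03\x04" + b"\0" * 64)  # code hidden under assets/
    return buf.getvalue()
```

Legitimate apps also ship compressed or encrypted assets (games, media, licensed content), so a hit is a reason to unpack and inspect the entry, not a verdict on its own.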
Among the new features detected is keylogging, which complements the screenshot function already present in earlier versions of the malware. The new variants also include GPS tracking. The most dangerous of the new capabilities, however, is performing a factory reset of the device.
Attackers trigger the reset in two scenarios: once the credentials have been leaked, and when the app detects that it is running in a virtual environment for analysis. For the victim, this amounts to stealthy and immediate data loss. Finally, the new versions add communication channels for exchanging data with the C2 server, which now supports both HTTP and WebSockets.
The WebSockets option offers a direct, low-latency channel well suited to real-time communication and live manual exploitation. It also reduces the volume of suspicious network traffic, which lowers the chances of the malware being detected.
BRATA is just one of many Android banking Trojans currently in circulation. The best way to avoid infection is to avoid APKs from dubious websites and to always scan them with an AV tool before opening them. It is also advisable to pay attention to what you install on your mobile phone, especially the permissions that are requested, and to monitor battery consumption and traffic volume in order to detect spikes that may be related to malicious processes running in the background.