BRATA bank fraud fraud has made headlines as it has been found to be still operational and targeted at Android users.
According to a new report from computer security company Cleafy, a new version of BRATA began circulating in December 2021, which reportedly stole users’ bank account details.
This trojan is a major threat as it also performs a factory reset and erases all data.
BRATA was first acquired by Kaspersky back in 2019. At that time, the trojan was targeting those based in Brazil.
Now, a new security research report states that a new BRATA alternative has been created to target different e-banking users living in the UK, Poland, Italy, Spain, China, and Latin America.
The bank trojan was originally distributed with app notifications on corrupted websites, as well as Google Play or other third-party Android stores, according to Kaspersky.
It also spread via SMS and popular messaging apps like Android WhatsApp. For example, an SMS is sent to bankers to make them more trustworthy.
Contains a link to the website where the victim was asked to download an anti-spam app. The victims were then tricked into installing a banking trojan app.
At present, it is not known if the attackers are still using the same method to spread this. It is alleged that some received messages from criminals stealing sensitive information hidden as bank warnings.
Cleary reported that the new bank trojan is still being downloaded with a downloader, which can even bypass antivirus solutions.
There are now three types of this trojan. The quoted source states that BRATA.A was used a few months ago. Adds GPS tracking feature and has the ability to perform a factory reset.
There is also BRATA.B which is similarly powerful, but has a blurred code and uses well-designed overlay pages for certain banks to access login details.
BRATA basically helps to run malware on smartphones. This exception includes a second application with a malware program using the main application the victim was asked to download.
To avoid getting caught up in all of this, one should always check which apps are being offered access or administrator access to their smartphones.
The security company has reported that this bank trojan uses accessibility permissions to monitor everything on your screen.
“With BRATA, TAs will receive Accessibility Permissions within the installation stages to identify victim activity and / or use the VNC module to access confidential information displayed on the device screen (Example: bank account balance, transaction history, etc.)
