Last year we told you about BRATA, a dangerous Trojan that got installed in Google Play and was able to control our Android device. Since 2018, it started in Brazil and eventually reached Spain, having again evolved to become even more dangerous, as we read on ZDnet.
BRATA is still far from eradicated, and returns to the fray with an even more aggressive behavior. According to the latest research, it is now able to factory reset the phone to prevent victims from quickly undoing transactions.
More and more aggressive malware
From the security company Cleafy, they once again analyzed the behavior of different variants of BRATA, a still-living malware. His behavior has changed and he is now able to do a factory reset. This erases all traces of its activity on the phone, running just after making an illicit bank transfer or capturing the user’s bank details.
Accessibility permission is the trickiest in Android, it allows apps to have full control over the device
As we are used to seeing, unfortunately, in this type of fraudulent application, BRATA uses Android’s “device administrator” permission, which gives applications full access to all functions of the phone. This is the same authorization that Flubot, the fake FedEx SMS Trojan, was so dangerous for.
Although BRATA has started spreading in some apps in the Play Store, it is now able to be distributed via SMS, posing as a bank. A method similar to the fake SMS scam of BBVA and Santander, which affects many users in Spain. If we open the link and grant permissions, you can read every keystroke on the phone, freely operate the system and even restore it to factory.
In case you receive such an SMS, never give such permission, because a message from the bank will never ask you for full control over the device. The same goes for applications downloaded from the Play Store that do not require these permissions for their operation (keyboards, wallpaper applications, etc.). Avoiding malware on Android is possible, but you have to be careful.
Through | ZDnetComment