BRATA is a remote access trojan malware which first made the news back in 2019. It was used to record a victim’s screen without them noticing. It spread through the Google Play Store, posing as a fake WhatsApp update, which caused over 10,000 devices to be affected. Now, an updated version of that malware called BRATA (Brazilian Remote Access Tool) is spreading across the world.
BRATA steals your banking and financial information. It then automatically wipes your phone, leaving no trace of the trojan. It appears in the form of a text message from your bank asking you to download the bank app from the provided link.
First noticed by Italian cybersecurity company Cleafy, this new version of BRATA uses Advanced Persistent Technique (APT) and allows the hackers to stay on an infected network for a long period of time.
According to Cleafy, this new version of BRATA first came up in December 2021. The trojan has now spread across the U.K., Poland, Italy and Latin America.
In a report, Cleafy stated, "The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern.”
"This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information,” the company added.
BRATA installs via a downloader app. It impersonates real applications for users to download. The app in itself isn’t a malware therefore, it is not flagged by the Google Play Store or your smartphone. When you install it, it asks for various permissions. As soon as you grant it those permissions, it installs the BRATA trojan on your smartphone.
This trojan allows cybercriminals to monitor your smartphone. When you login to a banking app, the trojan gets triggered and it copies
Read more on tech.hindustantimes.com