A dangerous Android malware that tricks users into handing over sensitive financial data has evolved and added two severe new capabilities to its arsenal: a factory reset that wipes all traces of malware activity on the phone, and tracking of users via GPS. BRATA, which is short for Brazilian RAT Android, is a type of Android Remote Access Tool (RAT) that was first spotted by Kaspersky researchers in 2019. BRATA was mainly being delivered via the Google Play Store, and its variants were mainly distributed as fake updates for popular apps like WhatsApp.
Once executed, it allows a bad actor to unlock the target's phone, extract information by logging their keystrokes, and even turn off the screen while secretly running tasks in the background. Initially spotted wreaking havoc in Brazil, malicious parties weaponizing BRATA were also observed sending messages to targets in Italy last year. The fake SMS either led users to a website where they were asked to download a fake anti-spam app, which put the malware package on the victim's phone, or directed them to a website where they were asked to enter their financial information.
Now, the cybersecurity experts over at Cleafy say BRATA has evolved to add some scary new abilities. First, the malware can reset the victim's phone to factory settings, deleting any trace of infection and unauthorized transactions. The notorious Pegasus spyware, which was recently deployed to spy on activists, journalists, and dissidents in multiple countries, also has a self-destruct feature to remove traces of surveillance. In BRATA's case, Cleafy identified three strains, with BRATA.A said to be capable of GPS tracking and executing a factory
Read more on screenrant.com