This virus for Android is not only stealing your data, but also erasing your mobile

An Android malware family named BRATA has added new and dangerous features in its latest version. Among them are GPS tracking and even a function that performs a factory reset of your mobile in order to erase all traces.

Malware is a malicious program that can affect different electronic devices such as computers, tablets or mobile phones. The term encompasses any type of malicious software that can harm a system.

BRATA malware

BRATA was discovered by Kaspersky in 2019 as an Android RAT specifically targeting Brazilian users. It was not until December 2021 that a Cleafy report warned of its appearance in Europe, at which point the BRATA malware attacked electronic banking users by stealing their access credentials with the collaboration of fraudsters posing as agents of the affected banks themselves.

Following its discovery in Europe, Cleafy analysts have continued to closely monitor BRATA malware for new features. A recently published report shows us the new features of BRATA.

Custom versions and new features

According to Cleafy's report, the latest versions of BRATA are aimed at online banking in Latin America, China, the United Kingdom, Poland, Italy and Spain. Each malware variant targets different banks with dedicated overlay sets in multiple languages and even different apps to target a specific audience.

The fraudsters and authors use very similar obfuscation techniques in all versions, such as wrapping APK files in an encrypted JAR or DEX package. In this way they successfully ensure that the virus is not detected. Before extracting the data, the BRATA malware looks for signs of AV presence on the mobile and tries to remove the detected security tools.

Among the new features detected, the keylogging functionality stands out; it complements the screen capture function that already existed in previous versions of the malware. The new variants also feature GPS tracking. The most dangerous new feature of all, however, is the ability to perform factory resets of the devices.

BRATA malware versions

The factory reset is performed in two scenarios: when credentials are leaked and when the app detects that it is running in a virtual environment for analysis. This feature can lead to immediate stealthy data loss for victims. Finally, another of the new functions is the addition of new communication channels for exchanging data with the C2 server, which is now compatible with HTTP and WebSockets.

The WebSockets option offers a direct, low-latency channel ideal for real-time communication and live manual exploitation. In addition, the volume of suspicious network traffic is reduced, which means that the chances of being detected are reduced.

BRATA is just one of many Android banking Trojans out there today. The best way to avoid getting infected is to avoid APKs from dubious websites and always scan them with an AV tool before opening them. It is also advisable to pay attention to the installations you make on your mobile phone, especially the permissions that are requested, in addition to monitoring battery consumption and traffic volume in order to detect spikes that may be related to malicious processes in the background.
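
One way to act on the advice about requested permissions, as an added example that is not from Cleafy's report or from the original article: a short Python check that reads a decoded AndroidManifest.xml and flags apps that combine several of the capabilities described above. The mapping from capabilities to Android permissions, the review threshold and both sample manifests are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: capability named in the article -> permissions that enable it.
# Legitimate apps use each of these too; the combination is what merits review.
CAPABILITIES = {
    "GPS tracking": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "keylogging via accessibility": {P + "BIND_ACCESSIBILITY_SERVICE"},
    "factory reset via device admin": {P + "BIND_DEVICE_ADMIN"},
    "uninstalling other apps": {P + "REQUEST_DELETE_PACKAGES"},
}

def declared_permissions(manifest_xml):
    """Permissions from <uses-permission> plus those guarding services/receivers."""
    perms = set()
    for elem in ET.fromstring(manifest_xml).iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
        elif elem.tag in ("service", "receiver"):
            name = elem.get(ANDROID_NS + "permission")
        else:
            name = None
        if name:
            perms.add(name)
    return perms

def audit_manifest(manifest_xml, threshold=3):
    """Flag an app for manual review when it combines >= threshold capabilities."""
    perms = declared_permissions(manifest_xml)
    found = sorted(c for c, needed in CAPABILITIES.items() if perms & needed)
    return {"capabilities": found, "review": len(found) >= threshold}

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPICIOUS = HEAD % "com.example.scanner" + """
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
BENIGN = HEAD % "com.example.maps" + """
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, audit_manifest(xml))
```

The input is the text form of the manifest, so an APK's binary manifest has to be decoded first.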