A nasty Android banking trojan that is best known for wiping smartphones to cover its tracks has gained several new features that improve its ability to phish online-banking credentials, intercept SMS two-factor authentication codes, and more.
BRATA, or ‘Brazilian Remote Access Tool, Android’, has been circulating since at least 2019, initially as spyware, although it later became a banking trojan.
Researchers at Cleafy, an Italian cybersecurity firm, last year discovered BRATA’s makers had started abusing Android’s factory reset to prevent victims from discovering, reporting and preventing unauthorized wire transfers.
The factory reset was executed after a successful illicit wire transfer or when the malware detected analysis by installed security software.
BRATA originally targeted customers from Brazilian banks only, but Cleafy reported that it started targeting customers of UK, Spanish and British banking brands more recently.
The malware was spread through fraudulent SMS messages purporting to be from a target’s bank, but which actually contained a link that would download BRATA.
According to Cleafy researchers, a new variant spreading across Europe features new phishing pages mimicking targeted banks, new methods of acquiring permissions to access GPS location data, and new ways to send and receive SMS, and gain device management permissions. It also gained the ability to sideload a second-stage piece of malware from its command and control