An old piece of malware is ready to endanger your Android device. It’s something we don’t want coming to your phones, so it’s best you know more about it. Called BRATA, this Android malware can make your device do things without your knowledge, like perform a factory reset, use multiple communication channels, and run GPS tracking. BRATA isn’t exactly new. It was sighted in 2019 by Kaspersky. Back then, it was identified as an Android RAT and was active in Brazil. It hasn’t been totally eliminated, as a report says the malware has once again emerged, this time in Europe.
This time, the malware was spotted targeting e-banking consumers in Europe. The activity started in December last year. Analysts from Cleafy say the malware is evolving, with the newest versions now targeting e-banking users in a number of regions, including China, Latin America, Spain, Italy, Poland, and the UK.
According to our source, these new variants target different banks. Each one has dedicated languages, overlay sets, and different apps, which allows them to attack different types of audiences. They are said to use obfuscation techniques such as wrapping an APK file in an encrypted JAR/DEX package. When BRATA is active, it can delete any available security tool. Once that part is done, it can start deleting data.
BRATA isn’t easily detected now because it produces less suspicious network traffic. Headers aren’t sent over WebSockets, resulting in reduced traffic. The C2 server supports both HTTP and WebSockets for exchanging data, which gives the malware a new communication channel.
Cleafy researchers also mentioned new features of BRATA, like keylogging functionality, GPS tracking, and factory resets. The last one can be really dangerous: it wipes the device clean.
BRATA is out there. You may want to check network traffic and battery consumption to see if there is any unusual activity. A significant change may mean something “malicious” is happening.
You can also avoid this and other malware by getting and installing apps only from the Google Play Store. Make sure you check the permissions an app requests before you grant them. Refrain from getting APKs from unofficial websites. Use an AV tool to scan apps before launching them.