An Android scam was identified recently, in which it can install malware by answering a phone call.
In addition to this, there are several warning signs as well as tips on how to avoid the said malware named BRATA.
Android Scam Installs Malware Through Fake Calls
In Italy, the BRATA Android remote access trojan has been discovered, with malicious hackers calling SMS victims to steal their digital banking details, per Bleeping Computer.
According to a study conducted by Cleafy experts, the Android malware is now widely circulated and it can go unnoticed even by the majority of AV scanners.
The study furthered that BRATA was previously only visible in Brazil, where it was distributed through Google Play Store applications. Due to the capability that this Android malware brings, it seems that its developers are now offering this to international operators.
In June 2021, this Android scam was discovered using SMS phishing, also known as smishing, to distribute various Android applications.
Most of the infected programs were marketed as anti-spam software and were branded Sicurezza Dispositivo, which means Device Security.
To give further detail on its detection, the Android malware's initial wave failed in AV detection, with a 50 percent rate in Virus Total.
Virus Total is a website developed by Hispasec Sistemas, a Spanish security firm. It can help identify dangerous information as well as detect false positives, which are typical and harmless objects that have been flagged as malicious by one or more scanners.
Because of this detection rate, a second wave was launched in mid-October, utilizing a different variation.
Through this, researchers have found out that the perpetrators broadened their targeting range in the second wave, increasing the number of targeted banking firms.
Warnings Signs of the BRATA Malware
The Android scam commences through an unsolicited SMS text that directs users to a malicious website. The said SMS pretends to be a bank message advising the receiver to download an anti-spam program.
The link directs the user to a website where they can install the BRATA malware manually or through a phishing page where they can enter their bank information.
During this phase, the malicious hackers will call their target and pretend to be bank employees, providing assistance with downloading the app.
To permit the attacker to take complete control of the hacked device, the installed Android malware involves numerous rights. The said rights include accessing the Accessibility services, the ability to see and send SMS, make phone calls and record screen activity.
In relation to this, Cleafy has shared information on the capabilities of this Android scam.
- It can uninstall certain programs, specifically, antivirus.
- It can turn off Google Play Protect to prevent being marked as a suspicious app.
- It can unlock the device by itself even if it is protected by a secret pin or pattern.
- It can modify the device's setting.
3 Ways to Avoid BRATA Malware
Since attackers target mobile mostly, PC users will not be affected, per Bleeping Computer.
3. Do Not Open the Link Attached in an SMS
The website will not be available if Android users start opening the link in the SMS on a desktop or laptop. This is a straightforward technique of validating incoming communications.
2. Do Not Install Any App Recommended Through Call
It is worth noting that no bank ever recommends installing any software besides the bank's legitimate e-banking application.
The said legitimate app is available on the Play Store/App Store and can be accessed through the bank's official website.
1. Pay Attention to the App Permissions Asked
Lastly, Android users should give attention to the characteristics of authorization asked when installing an app and assess if it is necessary for the program to work.
If an app asks for several permissions which are not relevant to its functioning, Bleeping Computer is advised not to install it.