Hannah Grace Tech 01.25.2022 21:Jan PM EST

Beware the BRATA Android Trojan: How This Cruel Malware Wipes Your Bank and Phone Clean

A new BRATA Android trojan feature has showed that it can wipe your bank accounts and leave your phone clean on its own. Fortunately, there are ways to prevent this trojan malware from infecting your device.

BRATA Android Trojan

According to Kaspersky, "BRATA" is a new malware family for Android remote access tools. Kaspersky explains that "Brazilian RAT Android" was the code name they chose based on its description.

It primarily targets victims in Brazil, but the hackers behind it can theoretically use it to attack any other Android user. Since January 2019, it has been widely distributed both through the Google Play Store and other unauthorized Android app shops. It should be noted that the malware requires Android Lollipop 5.0 or higher to run properly.

BRATA's cybercriminals employ a limited number of infection vectors. They employ push notifications on infected websites.They also utilize messages sent via WhatsApp or SMS as well as paid urls in Google searches to propagate the virus.

In addition to this, it appears that the BRATA Android trojan has also evolved, aiming to wipe your bank accounts and leave your phone clean.

Moreover, security firm Cleafy discovered a new BRATA version popularized last month. According to their findings, it was spread using a downloader, which was done in order to prevent detection by anti-virus software.

More banks and financial institutions from countries such as the United Kingdom and italy, as well as Latin America have been added to the target list.

How Does BRATA Android Trojan Works

According to Cleafy, through a report by Bleeping Computer, the features of the new BRATA version includes keylogging capabilities, which compliments the current screen capturing function. Additionally, it also has GPS tracking.

Surprisingly, what can be considered its scariest feature is the fact that it can perform factory resets on its own, which the actors do under some conditions.

One of the conditions in which this can be performed is when the compromise was effectively accomplished, and the fraudulent transaction has come to an end.

The other condition is when the application has discovered that it is being executed in a virtual environment, most likely for the purposes of analysis.

ZDNet further emphasizes that BRATA impersonates a real security program and proposes that the victim grant it the powerful Android "device admin" permission. Granting this permission allows the app to delete all data, change the screen lock, and set password rules.

Factory resets are used by BRATA as a self-protection kill switch, but because they wipe the device, they also expose the victim to the risk of a sudden and irreversible data loss.

In terms of how this malware originates, BRATA is propagated via SMS that impersonates a bank and contains a link to a website where the victim is tricked into downloading an anti-spam program.

The fraudsters then call the victim and persuade them to download a banking trojan app, which allows the attacker to steal the bank's second-factor authentication codes and use them to commit fraud.

How to Avoid BRATA Android Trojan

BRATA is just one of numerous Android banking trojans and undetectable RATs spreading in the public that are stealing people's financial information, per Bleeping Computer.

Installing apps from the Google Play Store, avoiding APKs from dodgy websites, and scanning them first using an antivirus tool before opening them are the best ways to prevent being compromised by Android malware.

Users should also pay close attention to the permissions that are requested during installation. It is good practice to not allow those that do not appear to be necessary for the app's basic functionality.

Finally, it is important to look out for energy usage and network traffic to spot any unusual increases that could be caused by malicious activities operating in the background.