BRATA is the name of the new malware just arrived in Italy capable of stealing the bank details of Android users and therefore emptying their bank account. According to Cleafy’s cybersecurity experts, BRATA hails from Brazil and is part of a very extensive malware campaign that shows no signs of stopping. Over the past year, remote access trojan (RAT) infections have been countless. BRATA, however, represents a particularly insidious threat, including in its dynamic also the interview with a real person.
First, the attackers send the user the classic text message (SMS) containing a link to the alleged bank website. If the victim clicks on the link, they are redirected to download an anti-spam app with the promise that a banking operator will contact them as soon as possible to discuss the app in question. And the call actually arrives: on the other side of the handset, a real person tries to convince the user to download the application, using social engineering techniques to reassure him of his identity. If the user falls for it and installs the app, it can be used to control the phone remotely.
Join RealMi Central on Telegram, Facebook & Twitter
Specifically, BRATA is able to intercept SMS, record and transmit the screen, uninstall specific apps (eg antivirus), disable Google Play Protect to prevent the app from being marked as “suspicious”, hide the icon of the app, modify the device settings to obtain more privileges, unlock the device with a pin or a secret sequence.
BRATA started circulating in Brazil in 2019, but now the main target of victims has moved to Lithuania, the Netherlands and also Italy. The invitation, therefore, is to pay attention and not to click on the links contained in the messages of those who pretend to be your banking institution.