Due to its enormous distribution, Google’s Android operating system is a popular target for malware, which has unfortunately become more and more sophisticated and dangerous in recent years. Several variants of malware are currently spreading, which not only want to spy on users’ bank details but then completely cover their own tracks so as not to be discovered.
On the one hand, malware has it easy on Android and, on the other hand, it is difficult thanks to Google’s strong protective measures: Anyone who only obtains apps via the Google Play Store has gained a lot in security. But with externally sourced apps, users first have to grant the vast majority of access and authorizations. Unfortunately, it is still common today for users to obtain supposed protection apps from external sources and grant them all the required permissions. Then there isn’t much you can do…
The BRATA malware, which in the original version was mainly intended to spy on the user’s bank details, is currently spreading. This is still the case today in the BRATA.a, .b and .c variants, because it is the part of such software that is, unfortunately, “worthwhile” for the sender. But the new variants rely primarily on completely disguising their tracks so that they cannot be discovered. This means even more problems for the user.
After the malware has reached its target and sniffed data, BRATA.a can reset the smartphone completely and without further user consent. It is the variant that is currently the most widespread. This ensures that the user is annoyed by the reset smartphone and may not even notice that much more trouble is imminent.
BRATA.b works in a similar way but is intended to imitate banking websites even more credibly. Doesn’t change much in the procedure, but could ensure that this variant is even more effective for the initiators behind it. Variant C should even rely on two apps so that the user only has to assign a single authorization and everything else happens through the interaction of the two apps. Details are not known.
How BRATA gets onto smartphones
The BRATA malware probably gets onto smartphones mainly via links in SMS messages. Clicking on the link leads to a website that suggests downloading anti-malware, anti-spam, or anti-virus software. Of course, the download then takes place from an external source and then many authorizations have to be assigned. Those are at least four steps that should set off alarm bells.
If you or someone close to you suddenly has a reset smartphone for any reason, then let the alarm bells ring really loud and change the most important passwords – especially for online banking.