Kaspersky researchers discovered the Android malware BRATA in January 2019. It spread through the Google Play Store and belongs to an Android RAT (Remote Access Tool), originally targeting Brazil users, the Trojan features a unique ability to collect and forward banking information to its operators in real-time.
Security firm Cleafy reported in December 2021 that BRATA was starting to appear in places like Europe and adding more features, including the ability to wipe devices after stealing user data, track devices via GPS, and new obfuscation techniques.
The latest version of the Android malware, BRATA, can restore a device to its factory settings after stealing data, erasing all data on the device and masking its activity.
The latest version targets e-banking users in the UK, Poland, Italy, Spain, China and Latin America, with each variant targeting a different bank, using similar obfuscation techniques to evade detection by security software. It looks for traces of security programs on the device and removes security tools before performing an infiltration.
After a victim installs the downloader app, it only needs to accept permission to download and install malicious apps from an untrusted source, the researchers said.
Overall, Cleafy’s latest findings show that BRATA operators aim to expand the regional reach of their targets and plan to further develop the malware, with few signs of letting up in the near future.