BRATA, the Brazilian virus that is trying to steal credit cards from Spaniards

The BRATA Trojan of Brazilian origin, designed to steal users' bank details, has been reinvented in a new variant that has reached Spain and the rest of Europe, using new techniques aimed at stealing account and credit card information. The virus, which only poses a threat to Android devices, was discovered in 2019 and, like so many other similar codes, has been mutating ever since in order to remain effective against its developers' targets.

The danger of BRATA is of such magnitude that it has come to be considered an Advanced Persistent Threat (APT) due to its recent activity patterns, according to experts from mobile cybersecurity firm Cleafy in their latest report.

This new classification implies a long-term cyberattack campaign focused on stealing sensitive information from its victims. In fact, BRATA has targeted financial institutions, attacking one at a time. According to Cleafy, its main targets include Spain, Italy and the United Kingdom.

The study's researchers have found the current variant of BRATA on European territory in recent months, where it masquerades as a specific banking entity and has deployed three new capabilities. As in many similar campaigns, the developers create a malicious page that impersonates the official banking entity to deceive the user. The goal of the cybercriminals is to steal the credentials of their victims. To do this, they send an SMS impersonating the entity, usually with a message meant to alarm recipients so that they act without thinking twice and click.

The new variant of BRATA also acts through a malicious messaging 'app' with which it shares the same infrastructure. Once installed on the device, the application asks the user to make it their default messaging 'app'. If the user accepts, that permission is enough to intercept incoming messages, such as those sent by banks for single-use codes and two-factor authentication.

This new feature can be combined with the bank page recreated by the cybercriminals to trick the user and gain access to their banking information.

In addition to stealing banking credentials and monitoring incoming messages, Cleafy's experts suspect that the new BRATA variant is designed to spread its threat throughout the device and hijack data from other applications, and that once installed the 'rogue app' downloads an external payload that abuses the Accessibility Service.
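
A defender can check for the two behaviours described above, an unexpected default messaging app and an unexpected Accessibility Service, by auditing two Android secure settings. The following is an added example, not code from Cleafy or the original article; the allowlists, device names and `com.example.*` packages are constructed assumptions, and the input strings are in the format returned by `adb shell settings get secure sms_default_application` and `adb shell settings get secure enabled_accessibility_services`.

```python
from dataclasses import dataclass

# Assumed allowlists; each organisation would maintain its own.
TRUSTED_SMS_APPS = {"com.google.android.apps.messaging",
                    "com.samsung.android.messaging"}
TRUSTED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}

@dataclass(frozen=True)
class Finding:
    device: str
    kind: str       # "sms_handler" or "accessibility"
    package: str

def parse_a11y(raw):
    """Split the colon-separated 'package/class' list into package names."""
    raw = raw.strip()
    if not raw or raw == "null":          # the setting is unset on many devices
        return []
    return [comp.split("/", 1)[0] for comp in raw.split(":") if comp]

def audit(device, sms_default, a11y_raw):
    """Flag a default SMS app or accessibility service outside the allowlists."""
    findings = []
    sms = sms_default.strip()
    if sms and sms != "null" and sms not in TRUSTED_SMS_APPS:
        findings.append(Finding(device, "sms_handler", sms))
    for pkg in parse_a11y(a11y_raw):
        if pkg not in TRUSTED_A11Y_PACKAGES:
            findings.append(Finding(device, "accessibility", pkg))
    return findings

def risk_level(findings):
    """'high' when both behaviours are present, 'review' for one, 'ok' for none."""
    kinds = {f.kind for f in findings}
    return {0: "ok", 1: "review", 2: "high"}[len(kinds)]

# Constructed sample inventory: (device, sms_default_application, enabled_accessibility_services)
SAMPLE = [
    ("device-A", "com.google.android.apps.messaging", "null"),
    ("device-B", "com.example.smsapp",
     "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
     ":com.example.helper/.Svc"),
]

def audit_all(rows):
    """Return {device: (risk_level, findings)} for every row in the inventory."""
    return {dev: (risk_level(f := audit(dev, sms, a11y)), f) for dev, sms, a11y in rows}

if __name__ == "__main__":
    for dev, (level, findings) in audit_all(SAMPLE).items():
        print(dev, level, [(f.kind, f.package) for f in findings])
```

A "high" result means only that both settings point at packages outside the allowlist; it is a prompt to inspect the device, not a verdict.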