Gnarly Android malware gains the ability to reset your phone after robbing you

Smartphones are, well, smart — they can connect to the internet, access web servers, and download and upload data, so they’ll always be at risk ofpossible breaches. With an operating system as open-source and as widely adopted as Android, potential vulnerabilities are even greater, making the OS a perfect target for cyber-criminals. One particularly insidious flavor of malware is BRATA (Brazilian RAT Android), a trojan that’s historically been used to steal banking details and perpetrate unauthorized wire transfers on Android. The malware now looks to have evolved features and capabilities, including the ability to factory reset your device.

According to a report by security firmCleafy, BRATA has been updated to monitor victims’ bank applications continuously, perform GPS tracking and device factory resets, and maintain a persistent connection (perXDA Developers). Plus, different variants of the malware have been developed, targeting multiple regions including the UK, Poland, Spain, Italy, China, and Latin America. The adaptations seem to stem from three primary variants of BRATA (A, B, and C), as intercepted by Cleafy.

4

BRATA.A (the most prevalent) has gained the ability to both GPS-track victims’ devices and factory reset them. While the former is still in development, the latter is particularly worrying as it initiates after a successful bank fraud to prevent the victim from discovering that a malicious action has happened. BRATA.B has similar features but gains the ability to partially obscure code and use tailored overlay pages to steal the passcode to the targeted banking application. Finally, the BRATA.C variant displays an evolution in the infiltration method used by the RAT to avoid being detected upon installation. It uses an “initial dropper” (a primary app) that then downloads and installs a secondary app (the core BRATA app) containing the malware — all the primary app needs to pull off the heist is a single permission.

The report suggests that BRATA operators are looking to expand their regional scope and evolve the malware further — BRATA is expected to continue developing new features. In the meantime, you can protect your device by being careful about the apps you install and which permissions you grant access to. Never give accessibility permissions to any app you aren’t positive is legitimate, and be extra wary of apps hosted on third-party stores.

Google Home icon with some gadgets around it.

Generative AI, now poolside

Free screen and battery repairs inbound

Samsung Notes logo in front of image containing S Pen and devices using Samsung Notes

This article is sponsored by Total Wireless.

Goodbye, text-only analysis

Google Translate app’s home page with text, voice, and camera input options

EA has confirmed the early access release date for the next game in the Skate series

Samsung’s making a bold move

Article image