Skip to main content

Those Doing Bank Transactions through the Internet, Beware; Mobile Banking Malware Gains New, Dangerous Capabilities.




The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers.


The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in a technical write-up. Targets include banks and financial institutions in the U.K., Poland, Italy, and Latin America.


"What makes Android RAT so interesting for attackers is its capability to operate directly on the victim devices instead of using a new device," Cleafy researchers noted in December 2021. "By doing so, Threat Actors (TAs) can drastically reduce the possibility of being flagged "as suspicious", since the device's fingerprinting is already known to the bank."


First seen in the wild at the end of 2018 and short for "Brazilian Remote Access Tool Android," BRATA initially targeted users in Brazil and then rapidly evolved into a feature-packed banking trojan. Over the years, the malware has received numerous upgrades and changes, while also posing as security scanner apps to elude detection.


BRATA

The latest "tailored" samples of BRATA set aim at different countries and constitute an initial dropper — a security app dubbed "iSecurity" — that remains undetected by virtually all malware scanning engines and is used to download and execute the real malicious software.


"After the victim installs the downloader app, it requires accepting just one permission to download and install the malicious application from an untrusted source," the researchers said. "When the victim clicks on the install button, the downloader app sends a GET request to the C2 server to download the malicious .APK."


BRATA, like other banking trojans observed in the wild, is known to abuse its Accessibility Service permissions obtained during the installation phase to monitor the user's activity on the compromised device stealthily.


Furthermore, the new versions have incorporated a kill switch mechanism that allows the operators to restore the Android phone to its factory settings upon successfully completing a fraudulent wire transfer or in scenarios where the application is installed in a virtual environment.


"BRATA is trying to reach out to new targets and to develop new features," the researchers said, adding threat actors are "leveraging this banking trojan for performing frauds, typically through unauthorized wire transfer (e.g., SEPA) or through Instant Payments, using a wide network of money mules accounts in multiple European countries."



#THN


#osutayusuf

Comments

Popular posts from this blog

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. 📸: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  📸: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. 📸: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nil...