It is no secret that the most dangerous threat actor groups in the world are constantly evolving, investing heavily in the development of complex malware variants and the deployment of social engineering campaigns, so it is difficult to stay protected at all times from cyberattacks against computer systems, including smartphones.
A recent McAfee report points to the detection of a malicious campaign identified as Brazilian Remote Access Tool Android (BRATA), which combines an advanced malware variant and social engineering to infect thousands of devices, in addition to receiving constant maintenance from its developers.
As the name suggests, this malware variant specifically targeted Android users in Brazil using malicious apps available on Google Play, although in recent times it has been detected attacking users in the United States and Spain. The malicious payload is hidden in a supposed security scanner app that, once installed, asks users to install critical updates for other applications on the system, such as WhatsApp, Chrome or PDF readers that do not exist on the target system.
If the target user falls into the trap, the infection is completed and the malware begins to collect information from the target system, taking screenshots, intercepting passwords, patterns and keyboard logs, and even recording the screen of the affected device, performing detailed monitoring of the compromised user. Among the main features of BRATA are:
- Hiding and showing incoming calls, reducing the volume of the device to zero and darkening the screen to the maximum
- Granting permissions on the system without the user’s knowledge
- Disabling the Google Play Store and Google Play Protect
- Self-destruction
As if this were not enough, the latest update of this campaign contains new features, such as phishing capabilities, malware and banking Trojans that make BRATA one of the most dangerous security threats today. In a recently detected case, the malware was able to show the affected user fake URLs of financial institutions, making it easier to steal the victim’s sensitive banking information.
McAfee notes that social engineering methods continue to work as they take advantage of the fact that people trust banking institutions. In successful phishing attacks, people hand over the keys to the cybercriminals instead of the cybercriminals having to steal them themselves.
To prevent these kinds of infections, experts recommend that Android users never install applications from unofficial sources, as this is the main method employed by cybercriminals to deliver malware on mobile devices. As for malicious apps that manage to sneak into Google Play, specialists recommend checking the developer's information before installing the app in question.