Security News > 2021 > April > BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.

"These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.

Another app named DefenseScreen racked up 10,000 installs before it was removed from the Play Store last year.

Once the victim agrees to install the app, BRATA requests permissions to access the device's accessibility service, abusing it to capture lock screen PIN, record keystrokes, take screenshots, and even disable the Google Play Store.

By disabling the Play Store app, the idea is also to disable Play Protect, a feature that preemptively runs a safety check on apps before they are downloaded from the app store, and routinely scans Android devices for potentially harmful apps and removes them.

"By stealing the PIN, Password or Pattern, combined with the ability to record the screen, click on any button and intercept anything that is entered in an editable field, malware authors can virtually get any data they want, including banking credentials via phishing web pages or even directly from the apps themselves, while also hiding all these actions from the user."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/cVz8kvM3if8/brata-malware-poses-as-android-security.html