Security News > 2021 > April > BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.
"These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.
Another app named DefenseScreen racked up 10,000 installs before it was removed from the Play Store last year.
Once the victim agrees to install the app, BRATA requests permissions to access the device's accessibility service, abusing it to capture lock screen PIN, record keystrokes, take screenshots, and even disable the Google Play Store.
By disabling the Play Store app, the idea is also to disable Play Protect, a feature that preemptively runs a safety check on apps before they are downloaded from the app store, and routinely scans Android devices for potentially harmful apps and removes them.
"By stealing the PIN, Password or Pattern, combined with the ability to record the screen, click on any button and intercept anything that is entered in an editable field, malware authors can virtually get any data they want, including banking credentials via phishing web pages or even directly from the apps themselves, while also hiding all these actions from the user."
News URL
Related news
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- Why The Modern Google Workspace Needs Unified Security (source)
- Google paid $12 million in bug bounties last year to security researchers (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)