Security News > 2021 > April > BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.
"These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.
Another app named DefenseScreen racked up 10,000 installs before it was removed from the Play Store last year.
Once the victim agrees to install the app, BRATA requests permissions to access the device's accessibility service, abusing it to capture lock screen PIN, record keystrokes, take screenshots, and even disable the Google Play Store.
By disabling the Play Store app, the idea is also to disable Play Protect, a feature that preemptively runs a safety check on apps before they are downloaded from the app store, and routinely scans Android devices for potentially harmful apps and removes them.
"By stealing the PIN, Password or Pattern, combined with the ability to record the screen, click on any button and intercept anything that is entered in an editable field, malware authors can virtually get any data they want, including banking credentials via phishing web pages or even directly from the apps themselves, while also hiding all these actions from the user."
News URL
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)