Security News > 2021 > April > BRATA Malware Poses as Android Security Scanners on Google Play Store
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.
"These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.
Another app named DefenseScreen racked up 10,000 installs before it was removed from the Play Store last year.
Once the victim agrees to install the app, BRATA requests permissions to access the device's accessibility service, abusing it to capture lock screen PIN, record keystrokes, take screenshots, and even disable the Google Play Store.
By disabling the Play Store app, the idea is also to disable Play Protect, a feature that preemptively runs a safety check on apps before they are downloaded from the app store, and routinely scans Android devices for potentially harmful apps and removes them.
"By stealing the PIN, Password or Pattern, combined with the ability to record the screen, click on any button and intercept anything that is entered in an editable field, malware authors can virtually get any data they want, including banking credentials via phishing web pages or even directly from the apps themselves, while also hiding all these actions from the user."
News URL
Related news
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- Google's new AI search results promotes sites pushing malware, scams (source)
- Apps secretly turning devices into proxy network nodes removed from Google Play (source)
- Drozer: Open-source Android security assessment framework (source)
- Winnti's new UNAPIMON tool hides malware from security software (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)