Security News > 2022 > January > BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices

New variants of the BRATA banking trojan have been targeting global Android devices since November with advanced features, including the ability to wipe devices after stealing user data, tracking devices via GPS, and novel obfuscation techniques, researchers have found.

The Cleafy team has identified three new variants of BRATA that have been delivered via two new waves of samples in the last few months, researchers reported.

The second case in which BRATA wipes a device is when the application is installed in a virtual environment, as the RAT "Tries to prevent dynamic analysis through the execution of this feature," researchers wrote.

The variant uses an initial dropper to download and execute the "Real" malicious app later, demonstrating a unique way that deviates from how other Android banking trojans actors try to evade detection by AV solutions, researchers wrote.

"Although the majority of Android banking trojans try to obfuscate/encrypt the malware core in an external file, BRATA uses a minimal app to download in a second step the core BRATA app," they explained in the post.

Overall, Cleafy's latest findings demonstrate that BRATA operators aim to expand their regional scope of targets as well as plan to evolve the malware further, with little sign of letting up in the near future, researchers said.

News URL

https://threatpost.com/brata-android-trojan-kill-switch-wipes/177921/