Security News > 2022 > January > Malware resets Android devices after performing fraudulent wire transfers

If your Android phone initiates a factory reset out of the blue, there's a chance it has been infected with the BRATA banking malware and you've just been ripped off.

Through the years, BRATA evolved primarily into banking malware and has lately been aimed against Android users in Europe and the rest of Latin America.

"The attack chain usually starts with a fake SMS containing a link to a website. The SMS seems to come from the bank, and it tries to convince the victim to download an anti-spam app, with the promise to be contacted soon by a bank operator. In some cases, the link redirects the victim to a phishing page that looks like the bank's, and it is used to steal credentials and other relevant information," the researchers shared last December.

Victims are persuaded by the fraud operators to install the app, which gives the latter control of the device and access to the 2FA code sent by the bank, allowing them to perform fraudulent transactions.

Several variants of the malware posing as a variety of security apps have been targeting users of banks and financial institutions in the UK, Poland, Italy, and LATAM. BRATA's new capabilities.

They have also observed that the Android device factory reset is executed if the malicious app / malware is installed in a virtual environment, which means that its developers are trying to prevent researchers from performing a dynamic analysis of it.

News URL

https://www.helpnetsecurity.com/2022/01/27/android-malware-reset/