Malware resets Android devices after performing fraudulent wire transfers

If your Android phone initiates a factory reset out of the blue, there's a chance it has been infected with the BRATA banking malware and you've just been ripped off.
Through the years, BRATA evolved primarily into banking malware and has lately been aimed at Android users in Europe and the rest of Latin America.
"The attack chain usually starts with a fake SMS containing a link to a website. The SMS seems to come from the bank, and it tries to convince the victim to download an anti-spam app, with the promise to be contacted soon by a bank operator. In some cases, the link redirects the victim to a phishing page that looks like the bank's, and it is used to steal credentials and other relevant information," the researchers shared last December.
Victims are persuaded by the fraud operators to install the app, which gives the latter control of the device and access to the 2FA code sent by the bank, allowing them to perform fraudulent transactions.
Several variants of the malware posing as a variety of security apps have been targeting users of banks and financial institutions in the UK, Poland, Italy, and LATAM.

BRATA's new capabilities

The researchers have also observed that the factory reset of the Android device is executed if the malicious app is installed in a virtual environment, which means that its developers are trying to prevent researchers from performing dynamic analysis of it.
News URL
https://www.helpnetsecurity.com/2022/01/27/android-malware-reset/
Related news
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
- New Android malware uses Microsoft’s .NET MAUI to evade detection
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
- New Crocodilus malware steals Android users’ crypto wallet keys
- Counterfeit Android devices found preloaded With Triada malware
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
- New Android malware steals your credit cards for NFC relay attacks
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks