Security News > 2022 > June > BRATA Android Malware Gains Advanced Mobile Threat Capabilities
![BRATA Android Malware Gains Advanced Mobile Threat Capabilities](/static/build/img/news/brata-android-malware-gains-advanced-mobile-threat-capabilities-medium.jpg)
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy.
An acronym for "Brazilian Remote Access Tool Android," BRATA was first detected in the wild in Brazil in late 2018, before making its first appearance in Europe last April, while masquerading as antivirus software and other common productivity tools to trick users into downloading them.
The change in the attack pattern, which scaled new highs in early April 2022, involves tailoring the malware to strike a specific financial institution at a time, switching to a different bank only after the victim begins implementing countermeasures against the threat.
Cleafy said it found a separate Android app package sample that used the same command-and-control infrastructure as BRATA to siphon SMS messages, indicating that the threat actors are testing out different methods to expand their reach.
The SMS stealer app is said to be specifically singling out users in the U.K., Italy, and Spain, its goal being able to intercept and exfiltrate all incoming messages related to one-time passwords sent by banks.
"The first campaigns of malware were distributed through fake antivirus or other common apps, while during the campaigns the malware is taking the turn of an APT attack against the customer of a specific Italian bank," the researchers said.
News URL
https://thehackernews.com/2022/06/brata-android-malware-gains-advanced.html
Related news
- Fuxnet malware: Growing threat to industrial sensors (source)
- New Brokewell malware takes over Android devices, steals data (source)
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates (source)
- New Wpeeper Android malware hides behind hacked WordPress sites (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)
- Finland warns of Android malware attacks breaching bank accounts (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Android malware Grandoreiro returns after police disruption (source)
- Beware: These Fake Antivirus Sites Spreading Android and Windows Malware (source)