A dangerous Android banking trojan is evolving, and is now threatening to wreak even more havoc. Last December, we shared a report from cybersecurity experts at Cleafy about BRATA. The report revealed that threat actors using the trojan were calling people to convince them to download malicious apps. As if that wasn’t terrifying enough, BRATA has now apparently learned a few tricks that could lead to far more effective phishing campaigns.
This Android malware can reset your phone
According to Cleafy’s latest report, a new variant of BRATA began circulating last December. Initially, the threat actors using BRATA were only targeting Android users in Brazil. They’ve since expanded their reach to the UK, Poland, Italy, and Latin America.
In addition to targeting new territories, BRATA is also equipped with new features that make it even more dangerous. Cleafy’s researchers say that BRATA is now capable of performing a factory reset on a target’s phone. This lets threat actors erase any traces of their infiltration. These are the two cases in which the hackers were executing factory resets:
- A bank fraud has been completed successfully. In this way, the victim is going to lose even more time before understanding that a malicious action happened.
- The application is installed in a virtual environment. BRATA tries to prevent dynamic analysis through the execution of this feature.
Unfortunately, that’s not the Android trojan’s only new feature. It can also use multiple communication channels to keep a persistent connection between your device and the hacker’s command and control (C2) server. It can continuously monitor your bank applications, and it might even be able to track you using GPS.
How to protect yourself from BRATA
Hours after Cleafy’s researchers shared their findings on their blog, security firm Zimperium confirmed the report. Zimperium corroborated Cleafy’s claim that BRATA now features a kill switch that can force a factory reset. BRATA is also now targeting victims around the globe, from Europe to the US and all throughout Latin America.
Here’s what you should do if the Android trojan infects your phone, according to Zimperium:
Victims of BRATA Android malware are advised to change all relevant banking and utility passwords and conduct a complete factory reset of their Android devices. It is highly recommended not to restore the device from a backup; it is best practice to reload and download all relevant applications. Victims using their devices as part of an enterprise bring your own device (BYOD) policy are advised to immediately contact their IT administrator and security team, notifying them of the potential breach.
Of course, the best plan of action is to simply avoid the malware altogether. Threat actors send malicious messages disguised as banking alerts to trick Android device owners. If you aren’t entirely confident that the text you received is legitimate, don’t interact with it. In order for the malware to work, hackers need you to do some of the work yourself. Remain diligent, and you can avoid a great deal of hassle.