This Android malware can wipe all your phone data and steal bank details


A banking-fraud trojan called BRATA is making headlines again after it was found to be still active and targeting Android users. According to a fresh report from computer security firm Cleafy, a new BRATA variant started circulating in December 2021 and is reportedly stealing users' bank account details. The trojan is a serious threat because it can also perform a factory reset that wipes all data on the device.

BRATA was originally discovered by Kaspersky back in 2019. At that time, the trojan was targeting users based in Brazil. Now, a new security research report claims that new variants of BRATA have been created to target e-banking users in the UK, Poland, Italy, Spain, China, and Latin America.

According to a Kaspersky report, this banking trojan was initially spread through push notifications on compromised websites, and through Google Play or other official third-party Android stores. It has also spread via SMS and popular messaging apps like WhatsApp. For example, victims receive an SMS that impersonates a bank to make it more believable. It contains a link to a website where the victim is asked to download an anti-spam app. In this way the victims are tricked into installing a banking trojan app.

It is currently unknown whether attackers are still using the same method to spread it. Some users are reportedly receiving phishing text messages disguised as banking alerts. Cleafy reported that the new banking trojan is being distributed through a downloader, which has even managed to bypass antivirus solutions.

There are now three variants of this trojan. The cited source says that BRATA.A was used in the past few months. It adds a GPS tracking feature and the ability to perform a factory reset. BRATA.B has similar capabilities, but its code is more heavily obfuscated and it uses overlay pages tailored to specific banks to capture login details. BRATA.C essentially helps deploy malware on smartphones: it uses the primary app that a victim is initially asked to download to install a secondary app containing the malware.

To avoid falling victim to this, users should regularly check which apps have been granted accessibility or device admin access on their smartphones. The security firm reported that this banking trojan uses Accessibility Service permissions to monitor everything on your screen.

"Through BRATA, TAs will obtain Accessibility Service permissions during the installation phases to observe the activity performed by the victim and/or use the VNC module to retrieve private information shown in the device's screen (Example: bank account balance, transaction history and more)," the report stated.
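The accessibility check recommended above can be scripted over adb. The following is an added example, not taken from the Cleafy or Kaspersky reports: it parses the value of Android's `enabled_accessibility_services` secure setting and lists every enabled service whose package is not on an allowlist. The allowlist and the sample setting value are constructed for illustration, and device admin access is not covered here.

```shell
#!/bin/sh
# Added example: flag enabled accessibility services outside an allowlist.
# On a connected device the input value comes from:
#   adb shell settings get secure enabled_accessibility_services
# which prints a colon-separated list of package/class components, or "null".

# Constructed allowlist: packages you expect to hold accessibility access.
ALLOWED_PKGS="com.google.android.marvin.talkback com.example.passwordmanager"

# Constructed sample value: one allowlisted service and one unexpected one.
SAMPLE_SETTING="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.antispam/.SpamFilterService"

# unexpected_a11y "<setting value>"
# Prints one line per enabled component whose package is not allowlisted.
unexpected_a11y() {
    value=$1
    # An empty value or "null" means no accessibility service is enabled.
    case "$value" in
        ''|null) return 0 ;;
    esac
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for component in $value; do
        pkg=${component%%/*}    # package is everything before the first '/'
        case " $ALLOWED_PKGS " in
            *" $pkg "*) ;;      # expected service, ignore
            *) printf '%s\n' "$component" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# Demo on the constructed sample; swap in the adb output for a real device.
unexpected_a11y "$SAMPLE_SETTING"
```

Any component this prints should be reviewed under Settings > Accessibility and its access revoked if the app is not one you deliberately enabled.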
