Home Cyber Attack BRATA Android RAT Is Actively Spying On Brazilian Users

BRATA Android RAT Is Actively Spying On Brazilian Users

by Abeerah Hashim

Researchers have caught up with another malware campaign in the wild targeting Android users. The newly discovered BRATA malware is an Android RAT that primarily targets users in Brazil. It can also attack users in other areas when required by the attackers.

BRATA Android RAT Campaign

Researchers from Kaspersky Lab have discovered a new RAT targeting Android users in Brazil. Dubbed as ‘BRATA’ by researchers, the Brazilian Android RAT is specifically infecting and spying on users from a particular region. They have shared their findings in detail in their blog post.

As elaborated, the malware, identified as “HEUR:Backdoor.AndroidOS.Brata” has been around since January 2019. It is present on Google Play Store as well as other Android application stores. The malware seemingly targets modern Android devices as it requires Android version 5.0 (Lollipop) for apt functioning.

Like most robust malware, BRATA also exhibits numerous malicious features, most of which make it look like spyware. Prominent functions of BRATA include keylogging, abusing Android Accessibility Service to interact with other installed apps, taking device’s screenshots, turning on/off the screen, launch any application, retrieve device data and users’ account information, locking and unlocking the device, and even removing the infection altogether.

Unique Infection Vectors Including WhatsApp

What makes this malware notable is its contemporary infection vectors. As stated by the researchers,

The cybercriminals behind BRATA use few infection vectors. For example, they use push notifications on compromised websites; and also spread it using messages delivered via WhatsApp or SMS, and sponsored links in Google searches.

One of these infection vectors is the recent WhatsApp vulnerability CVE-2019-3568 that triggered the installation of malware to the devices.

Until the time of discovery, the researchers reported that they could confirm the presence of at least 20 variants of the malware on Play Store. Most of these variants posed as WhatsApp update.

While BRATA presently seems aimed at Brazilian Android users, it does bear the capability to infect users in other parts of the world as well. Therefore, users must ensure keeping their devices loaded with a robust anti-malware to fend off such virus attacks in real-time. Also, they should remain very cautious regarding the permissions asked by an application at the time of installation.

Recently, the researchers also highlighted a popular PDF creator app CamScanner that suddenly started delivering malware to the users.

Let us know your thoughts about the articles in the comments.

You may also like