New BRATA Android Trojan Variants Exhibit More Sneaky Functionalities

The potent Android trojan BRATA has acquired new capabilities in its latest variants. Researchers found that the new malware uses tactics to evade antimalware detection.

In a recent post, researchers from security firm Cleafy have elaborated on the new BRATA Android trojan variants.

BRATA is a nasty Android trojan that first became known in 2019. At that time, the researchers could spot at least 20 malware variants in the wild, all exploiting different attack vectors. Nonetheless, most variants posed as WhatsApp updates.

Back then, the malware already displayed almost all the necessary capabilities to serve as a trojan. However, it has now evolved to acquire more capabilities, such as evading antivirus detection by using a downloader, using multiple communication channels with the C&C servers, GPS tracking, and performing a factory reset on the target device.

Here, the factory reset capability helps the malware remove any traces from the device. This matters because the new variants aim to conduct wire fraud.

Also, the new BRATA variants employ extensive keylogging and VNC techniques to monitor victims’ bank apps.

As for GPS tracking, the malware currently doesn’t perform any notable activity with this feature. However, the researchers suspect that the threat actors might use this functionality in the future to target specific regions or enable cash-out mechanisms.

Earlier, BRATA remained confined to Brazil (hence the name BRATA, for Brazilian RAT Android). But now, the malware also targets banks in regions such as the UK, Poland, Latin America, and Italy. The researchers also spotted some malware samples in Chinese and Spanish. This indicates that the threat actors might expand their targeted regions in the future.

As always, users should stay cautious when downloading apps from untrusted sources or clicking on links or ads, to avoid malware attacks. Users should also strictly monitor their bank accounts for any fraudulent activity to avoid losses.
