BRATA, Worst Android Malware In A While

Source: Slashdot

It Cleans Up On Its Way Out … A Bit Too Much

BRATA is Android malware which targets people by posing as an app from a bank, asking you to install it in a rather nasty way. It has been spotted in the UK, Poland, Italy, Spain, China, and Latin America and has posed as numerous banks. In each country, and for each different bank, a different version of BRATA is handcrafted to make it much harder to spot than your usual one-size-fits-all malware. It also knows some rather nasty tricks.

Once an Android user has been convinced to install the app from the provided source, which thankfully is not being distributed by the Google Play Store, BRATA goes on the hunt for AV software to delete; that is, the AV app which totally missed the bad file thanks to the designers hiding the APK in an encrypted JAR or DEX package. Once that is done it can use your GPS to monitor your location, grab screenshots and log all your keystrokes. In addition, as it looks exactly like the app your bank would use, it easily convinces its victims to feed it their banking credentials. Those are then uploaded to the evildoers' server in a variety of ways, including HTTP and WebSockets.

Once done, this dastardly piece of malware covers its tracks by factory resetting your phone. This is especially bad news for those that do not properly back up their phone, and there is probably a fair-sized overlap between the group of people that don't back up and those that install apps from random locations. It has yet to be spotted in North America, but it is only a matter of time before those responsible for BRATA set their sights on the US and Canada.

The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
