It Cleans Up On Its Way Out … A Bit Too Much
BRATA is Android malware which targets people by posing as an app from a bank, asking you to install it in a rather nasty way. It has been spotted in the UK, Poland, Italy, Spain, China, and Latin America and has posed as numerous banks. In each country, and for each different bank, a different version of BRATA is handcrafted to make it much harder to spot than your usual one-size-fits-all malware. It also knows some rather nasty tricks.
Once an Android user has been convinced to install the app from the provided source, which thankfully is not being distributed by the Google Play Store, BRATA goes on the hunt for AV software to delete; the AV app which totally missed the bad file thanks to the designers hiding the APK in an encrypted JAR or DEX package. Once that is done it can use your GPS to monitor your location, grab screenshots and log all your keystrokes. In addition, as it looks exactly like the app your bank would use, it easily convinces its victims to feed it their banking credentials. Those are then uploaded to the evildoers' server in a variety of ways, including HTTP and WebSockets.
Once done, this dastardly piece of malware covers its tracks by factory resetting your phone. This is especially bad news for those who do not properly back up their phone, and there is probably a fair-sized overlap between the group of people who don't back up and those who install apps from random locations. It has yet to be spotted in North America, but it is only a matter of time before those responsible for BRATA set their sights on the US and Canada.
The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity.