BRATA, Worst Android Malware In A While

Source: Slashdot BRATA, Worst Android Malware In A While

It Cleans Up On It’s Way Out … A Bit Too Much

BRATA is Android malware which targets people by posing as an app from a bank, asking you to install it in a rather nasty way.  It has been spotted in the UK, Poland, Italy, Spain, China, and Latin America and has posed as numerous banks.  In each country and for each different back a different version of BRATA is hand crafted to make it much harder to spot than your usual one size fits all malware.  It also knows some rather nasty tricks.

Once an Android user has been convinced to install the app from the provided source, which thankfully is not being distributed by the Google Play Store, BRATA goes on the hunt for AV software to delete;; the AV app which totally missed the bad file thanks to the designers hiding the APK in an encrypted JAR or DEX package.  Once that is done it can use your GPS to monitor your location, grab screen shots and log all your keystrokes.  In addition, as it looks exactly like the app your bank would use it easily convinces it’s victims to feed it their banking credentials.  Those are then uploaded to the evildoers server in a variety of ways, including HTTP and WebSockets.

Once done, this dastardly piece of malware covers it’s tracks by factory resetting your phone.  This is especially bad news for those that do not properly back up their phone, and there is probably a fair sized overlap between the group of people that don’t back up and those that install apps from random locations.  It has yet to be spotted in North America but it is only a matter of time before those responsible for BRATA set their sites on the US and Canada.

The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity.

Video News

About The Author

Jeremy Hellstrom

Call it,, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!