MADRID, June 22 (Portaltic/EP) –
The Android Trojan BRATA (Brazilian Remote Access Tool Android) has been reinvented with a new variant that threatens Spain and the rest of Europe with new techniques aimed at stealing banking information.
BRATA is malware that affects Android devices and was discovered in 2019. Since then, this Trojan has evolved to stay up to date and find new ways to attack its victims.
The danger posed by BRATA is such that it should be considered an Advanced Persistent Threat (APT) because of its recent activity patterns, according to experts at the mobile cybersecurity company Cleafy in their latest report.
This newly acquired status implies a long-term cyberattack campaign focused on stealing sensitive information from its targets. Currently, BRATA targets financial institutions, attacking them one at a time.
The researchers spotted the current variant of BRATA on European soil in recent months, posing as a specific banking entity and deploying three new features.
One of them is a phishing technique that consists of replicating a bank's website. The cybercriminals' aim is to steal their victims' credentials. To do this, the victim is asked to enter their customer number and account PIN, mimicking the authentication process of the real bank.
The new BRATA variant also operates via a malicious messaging app with which it shares the same command and control (C2) infrastructure.
Once the application is installed on the device, it prompts the user to make it the default messaging app. It thereby gains sufficient privileges to intercept incoming messages, such as those banks send with one-time passwords (OTP) and two-factor authentication (2FA) codes.
This new feature, which particularly affects Spain, Italy and the UK, can be combined with BRATA's phishing replica of the bank's site to allow criminals to carry out an account takeover (ATO) attack.
In addition to stealing bank details and monitoring incoming messages, the experts see in the new BRATA variant an effort to extend the threat across the whole device and hijack data from other applications: once installed, the rogue app downloads an external payload that abuses the Accessibility Service.
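For analysts triaging suspicious APKs, the two behaviours described above (asking to be the default messaging app and abusing the Accessibility Service) leave traces in the app manifest. The following is an added example, not taken from the report: it assumes the manifest has already been decoded to text (for instance with apktool), and the sample manifest, package name and class names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Intent actions an app must handle before Android offers it as the default SMS app.
SMS_ROLE_ACTIONS = {
    "android.provider.Telephony.SMS_DELIVER",
    "android.provider.Telephony.WAP_PUSH_DELIVER",
    "android.intent.action.SENDTO",
    "android.intent.action.RESPOND_VIA_MESSAGE",
}
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample (decoded manifest text); package and class names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.messages">
  <application>
    <receiver android:name=".SmsRx" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
    <receiver android:name=".MmsRx" android:permission="android.permission.BROADCAST_WAP_PUSH">
      <intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/></intent-filter>
    </receiver>
    <activity android:name=".Compose">
      <intent-filter><action android:name="android.intent.action.SENDTO"/></intent-filter>
    </activity>
    <service android:name=".QuickReply" android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE">
      <intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter>
    </service>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Flag apps that can hold the default-SMS role and also ship an accessibility service."""
    root = ET.fromstring(xml_text)
    actions = {a.get(ANDROID + "name") for a in root.iter("action")}
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_PERMISSION]
    eligible = SMS_ROLE_ACTIONS <= actions  # all four handlers are declared
    return {"package": root.get("package"), "sms_role_eligible": eligible,
            "accessibility_services": a11y, "review": eligible and bool(a11y)}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The combination is a triage heuristic rather than a verdict: a legitimate messaging app may also declare an accessibility service, so a `review` result means the sample deserves a closer look.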