Cleafy specialists have discovered a new version of the BRATA Android Trojan, which was first identified by Kaspersky Lab experts in 2019. The updated malware has gained new features such as GPS tracking, the ability to use multiple communication channels, and the ability to factory reset the device to cover up traces of its activity.
The BRATA malware was first mentioned in 2019, and at that time it was aimed primarily at Android users in Brazil. Now an updated version of the Trojan has been detected in Europe, where it is mainly used to steal users’ banking details and gather other information. Furthermore, the malware can be used as a full-fledged remote access tool that executes commands sent remotely by the attackers. According to reports, the new version of BRATA is attacking Android users in the UK, Poland, Italy, Spain, as well as China and Latin America. Variants of the malware built for specific regions have different settings so that they can more reliably disguise themselves as legitimate software.
One of the curious features of BRATA is its ability to automatically factory reset the user’s device. This happens once the attackers have managed to steal the user’s credentials, and it helps the scammers gain extra time to transfer the victim’s money to their account. In addition, the reset is triggered when BRATA detects that it is being analyzed, for example when it is run in a virtual environment. For the victim, this feature is very inconvenient, as a factory reset can lead to irreversible loss of important data.
It is noted that BRATA is just one of the malicious programs that target mobile device users. To reduce the chances of encountering such software, users are advised to be vigilant, install applications only from official content stores, not download APK files from third-party and suspicious resources, and monitor the permissions that installed applications request.