Android is the most widely used mobile operating system in the world with a market share of 72% and this popularity makes it one of the targets for cybercriminals, who have used to steal the main data of users of Android terminals through programs on repeated occasions, making the importance of staying safe more greater and more difficult too. You may have heard of the Brata Trojan, of Brazilian origin, and it has appeared in a much more dangerous new version.
Brata was created to steal banking data, but after quite some time, the security company Cleafy has discovered that a newer version of the Trojan has started to attack, but this time not only to extract data from the bank, but also to format the entire the information that is stored on Android devices.
This new version of BRATA has different variants aimed at different types of users from Italy, Spain, the United Kingdom, Poland, China and Latin America. At the moment the versions found are: BRATA.A, BRATA.B and BRATA.C.
▸BRATA.A
This one has been the most widely used in recent months and has two new features: GPS tracking of the victim’s device and the ability to perform a factory reset of the terminal.
▸BRATA.B
This one has practically the same characteristics as the first, to which it adds the partial obfuscation of the code and the use of overlapping pages that are used to steal the PIN of the victims’ banking application.
▸BRATA.C
Uses a main application that can then download and install a secondary application with the malware to deploy it on the smartphones of its victims.
The best way to avoid being terminated with this banking Trojan is to review the accessibility permissions that we grant to the applications that we have installed on our mobile, since BRATA makes use of these permissions to see what is on your screen, including screenshots. screen and user keystrokes.
