Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Android Security

Android Malware BRATA Wipes Your Device After Stealing Data (bleepingcomputer.com) 32

Posted by BeauHD from the double-whammy dept.
The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity. BleepingComputer reports: BRATA was first spotted by Kaspersky back in 2019 as an Android RAT (remote access tool) that mainly targeted Brazilian users. In December 2021, a report by Cleafy underscored the emergence of the malware in Europe, where it was seen targeting e-banking users and stealing their credentials with the involvement of fraudsters posing as bank customer support agents. Analysts at Cleafy continued to monitor BRATA for new features, and in a new report published today, illustrate how the malware continues to evolve.

The latest versions of the BRATA malware now target e-banking users in the UK, Poland, Italy, Spain, China, and Latin America. Each variant focuses on different banks with dedicated overlay sets, languages, and even different apps to target specific audiences. The authors use similar obfuscation techniques in all versions, such as wrapping the APK file into an encrypted JAR or DEX package. This obfuscation successfully bypasses antivirus detections [...]. On that front, BRATA now actively seeks signs of AV presence on the device and attempts to delete the detected security tools before proceeding to the data exfiltration step.

The best way to avoid being infected by Android malware is to install apps from the Google Play Store, avoid APKs from shady websites, and always scan them with an AV tool before opening. During installation, pay close attention to the requested permissions and avoid granting any that appear unnecessary for the app's core functionality. Finally, monitor battery consumption and network traffic volumes to identify any inexplicable spikes that may be attributed to malicious processes running in the background.
This discussion has been archived. No new comments can be posted.

Android Malware BRATA Wipes Your Device After Stealing Data More

Android Malware BRATA Wipes Your Device After Stealing Data

Comments Filter:

  • Questionable downloads (Score:4, Insightful)

    by algaeman ( 600564 ) on Thursday January 27, 2022 @10:09PM (#62213995)
    Don't download so many porn and gambling apps, and you won't get malware on your phone.

    • Don't download so many porn and gambling apps, and you won't get malware on your phone.

      Oh, look at the virtue signalling Puritan with his "I can survive on seven gambling apps and twelve porn apps"! Shove it because I need my vices in scores! ;)

    • You can't stop stupid, and we shouldn't try at the expense of others.

        Part of the justification for hostile lockdowns of devices against their owners is "well most of our users are stupid". Don't buy into this.

    • Re: (Score:2)

      by antdude ( 79039 )

      Don't download anything. :P

  • Why wipe the data? All that does is announce to the user that their hardware was pwned and they need to do something NOW to lock down their credit cards and banks accounts, etc.

    The programmers behind it are probably a bunch of young fools who want to stroke their egos over how 1337 they are because they could grief their victims.by wiping the data.

    A true mastermind would have the malware go into a passive state for a few months or even remove itself after uploading all the desired info. That way the victi

    • Re: (Score:2)

      by gweihir ( 88907 )

      Yes, pretty much. Also, this way they do more obvious damage and raise the motivation for low enforcement to look into it. Stupid.

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      True, announcing yourself is generally bad form, but perhaps the real goal is to ferment chaos.

      Enough people do everything on their phones - wipe the data and they're completely and utterly lost.

      So you found out your phone was infected. Cancel credit cards? Well, they were on the phone - they'd be lost because they have no way to do anything. Fat chance they even have the card physically on them to even be able to get a ride home or call their bank and all that.

      Maybe you're Gen X or so and remember making b

    • And what's the point of GPS tracking if you factory reset it anyway?

      As you said, young fools.

    • There are all types of people in this world, and I believe the writers of this malware falls into the "malicious anarchist" catagory. They probally don't expect to profit much off of this; their satisfaction comes from destroying people's data and making them scramble to close out their compromised credit card accounts. They want to severely disrupt people's lives for the lulz.

        I bet they have never been laid and are quite pissed at this.

  • If it can get fully rid of data thieving bloatware, it may be worth dropping some security protocols temporarily.

    • If it can get fully rid of data thieving bloatware, it may be worth dropping some security protocols temporarily.

      Well it just has

      a function that performs a factory reset on the device to wipe all traces of malicious activity

      So I suppose if you just want the factory installed data thieving bloatware. It will work.
      As long as you don't mind having all your banking details and money stolen in the process?

      You could just skip that bit and factory reset your phone yourself.

      • just skip that bit and factory reset your phone yourself.

        Where is your sense of adventure!?

        • just skip that bit and factory reset your phone yourself.

          Where is your sense of adventure!?

          Poking at people on the Internet is pretty much it!?

  • always scan with AV before installing? (Score:4, Insightful)

    by OrangeTide ( 124937 ) on Friday January 28, 2022 @12:16AM (#62214179) Homepage Journal

    And here I thought permissions, containers, and access controls were common in modern operating systems. But no, we need to use computers like this is 1999 and we have Windows 98 with Norton Antivirus bogging everything down.

    Mainstream computing platforms are such bullshit. Android is based on Linux and it has had a decade to leverage the things in it. Google's confidence in Android is so low that they are still actively working on ChromeOS and Fuchsia. Google's app store is just a way to skim user data and get people to sign up for gmail accounts.

    • Mod Up as informative Easy solution for Google. A front end hook on load executable, then get AV software to trigger a scan on any encrypted container/jar. I speculate this was NOT done, as it may break vendor software obfuscation schemes as well. Or game software. There could be a hash table for trusted executables, so negligible overhead.,

      • If the container/jar is encrypted by the app itself, how will AV software open it up to scan it? I thought that was the point of malware doing this in the first place.

        I assume Google Play apps are not allowed to be encrypted to prevent just this kind of thing.

    • Re: (Score:3)

      by Entrope ( 68843 )

      More to the point, consider the advice from the summary:

      The best way to avoid being infected by Android malware is to install apps from the Google Play Store, avoid APKs from shady websites, and always scan them with an AV tool before opening.

      Say I do the first, and only install apps from the Google Play Store. That means I'm already doing the second. But how do I do the third? Google Play doesn't give me the option of downloading the APK first to scan it with an antivirus!

      How does somebody write such bad prose? How does an editor greenlight a link to such shabby writing? Do they just not think before spending good money on dodgy SEO campaigns?

      • You're right that Google doesn't facilitate this process. But you can download unencrypted APKs from the play store using a browser. iOS apps are encrypted so you can't do any inspection (or unauthorized reverse engineering). I'm not sure that you need to do the third if you are doing the first two, though, do you? I mean doesn't Google run anti-virus and malware detection for Play Store apps? I doubt I can do it better.

        • Re: (Score:3)

          by Entrope ( 68843 )

          Yes, Google scans things on the Google Play Store, and I agree their scanners are probably better and more up-to-date than anything a random person will run. My gripe was really about the writer saying to do all three things.

  • Security of a laughing stock (Score:3)

    by Uldis Segliņš ( 4468089 ) on Friday January 28, 2022 @03:09AM (#62214367)
    First adwice - trust Google. Their capability of finding any sneaky way to outsmart them can and has been overoutsmarted. That is a vague security measure. Permissions, yeah if not granting, an APK just does not work at all. That is a vague secuurity measure, humans being humans. Android security has the worst of Windows 95 (thinking of security as an additional, postimplementation module) and the worst of Windows 10 features (you have no control over what is going on in your device). Why couldn't Google build upon the existing Linux security measures? Obscuring and hiding basic OS features, reinventing a square security wheel again. Bad Google, go to your room!

  • Don't use internet banking? (Score:3)

    by Bruce66423 ( 1678196 ) on Friday January 28, 2022 @05:04AM (#62214499)

    Having had to make a trip to my branch yesterday to set up a standing order and change contact details, I feel rather justified in my refusal to use internet banking.

    smug mode

  • First of all, that statement is blissfully deluded. Let's say it's arguably the least bad way, to put it kindly.

    Secondly, what about people who don't want a Google account? No Google Play store for them then.

    I guess I'll keep trusting the Aurora store then, because however bad the Android malware is, running the risk of sideloading my apps is still preferable to having a Google account for me.

  • "and a function that performs a factory reset on the device to wipe all traces of malicious activity"

    I feel like I would notice something was wrong with my phone if it factory reset itself. How often does this happen to people?!

    • I am in no way associated with the malware authors so I can't speak to their motivations. Others have posited that the wiping will make people suspicious and they will go out and cancel credit cards and such. Since I don't write malware, I don't know for sure. But if I were going to do something like this, it seems reasonable to wipe the phone after a few weeks. By then, the fraud detection algorithms will have shut down the credit cards anyway and the owner will know something is amiss. Since the devi
  • This is why smart people use an Apple product. Now though, with the Epic Games lawsuit, that last bastion of security may also be gone.

Slashdot Top Deals

"God is a comedian playing to an audience too afraid to laugh." - Voltaire

Close