Android malware loots bank accounts and factory resets your phone — and it's spreading


Sneaky threat actors are continuing to exploit Android banking trojan BRATA to perform mobile banking fraud, using the nasty malware to monitor an unsuspecting victim's bank account, perform wire transfers, and factory reset their smartphone to erase any traces.

First spotted by Kaspersky in 2019, the "Brazilian RAT Android" (BRATA) is a known Android remote access tool that originally targeted Android users in Brazil. It has recently started spreading around the globe, including in the UK, Poland, and Italy. Tailored variants for Spain and China have also been spotted.

As reported by cybersecurity fraud prevention company Cleafy (via Tom's Guide), the cybercriminals behind the malware spread it through messages delivered via WhatsApp or SMS, and even sponsored links in Google searches. Once installed, the threat actors can take full control of a victim's phone, monitor and clean out their bank account, and factory reset the device via a "kill switch" once the job is done.

As explained by Cleafy, the BRATA attack chain often starts with a fake SMS text containing a link to a website, asking the victim to urgently download an anti-spam security app. The SMS mimics the victim's bank to convince them to download an anti-spam app, with the promise of being contacted by a bank operator. If clicked, the scam link redirects the victim to a phishing page that looks like the bank’s official website, asking them to put in their private credentials.

To make it all the more convincing, a fake support technician will call the victim to walk them through installing the malicious app, giving the anti-spam app access to multiple permissions so the hackers have full control over their phone. The threat actors use the trojan to monitor all user keystrokes when visiting a banking app, record and take screenshots to retrieve private information, block and forward incoming texts from the victim's bank for 2FA purposes, uninstall other apps, and wipe the phone clean via factory reset.

The BRATA malware continues to grow, as cybersecurity experts have even discovered it has the potential to track victims via GPS signal. However, the development phase on this "has been currently stopped."

"According to our findings, we can expect BRATA to keep staying undetected and to keep developing new features," Cleafy states. It's nasty malware that can fool anyone, and Android apps can be a huge cybersecurity risk, especially when they're found outside the Google Play store. Stay away from links sent via text message from "official" banks or companies. If you are expecting a message and receive a well-timed text, it's better to head to your bank's official website and check the link, rather than opening up a link found in an SMS message.

Cybersecurity researchers discovered that Google's security software detected only 31% of spyware threats on Android devices, failing to recognize 20 out of 29 malicious apps in a security application test. With this in mind, it's a good idea to take cybersecurity into your own hands and start signing up for the best VPN services, best authenticator apps, and best password managers.

Darragh Murphy
