Most Android users are not aware there’s a new BRATA banking trojan that has the capacity to factory-wipe your smartphone right after stealing your money from your bank account. A report says that BRATA is an evolving trojan that monitors a victim’s bank account and perpetrates fraud through unauthorised wire transfers.
The Remote Access Trojan (RAT) has been in existence as spyware since 2019 in Brazil. Security company, Cleafy, claims that the new variant started showing up in December 2021 and now targets users in the U.K., Poland, Italy, and Latin America. It will only be a matter of time before it arrives in the U.S. The target is Android users could capture a phone user’s screen in real-time.
Another report revealed that victims of Android malware are often advised to perform a factory reset after cleaning up an infection, but BRATA now does the reset for another reason: in order to wipe any evidence after conducting an illicit wire transfer from the victim’s online bank account.
Source: Cleafy
How to spot a BRATA attack
Cleafy explains that the first attempt is usually an SMS text message that appears to be from a bank. This text requires you to take immediate action to protect yourself and contains links to help you do so.
Once the victim taps the link he or she will migrate to a mobile-only webpage that mimics the bank’s website. This person will be prompted to download a secure application directly from his or her bank’s website.
“At this point,” Cleafy notes, “a helpful “support technician” calls you and walks you through the process of installing the app—it’s tricky because it’s not an app found in the Google Play store—and then granting the app special permissions.”
Any smart individual will quickly know that the so-called technician is just a scam, and so allowing yourself to be preyed on means you’ve given absolute control to this new application to take over your smartphone.
Such permissions could be “the abilities (of the new app) to see what you type and do on the phone, make phone calls, send and view text messages, access saved photos and files and — most importantly — act as a “device administrator” that can lock and unlock the screen, modify system settings and remote wipe the device”.
Steps you can take
Not only can your banking information be taken, but BRATA can also remotely “clean” your device. In an attempt to factory-wipe your smartphone, the Trojan carries out a killswitch, which, according to Wikipedia is a safety mechanism used to shut off machinery in an emergency, when it cannot be shut down in the usual manner.
Note that wiping your device is meant to hide the criminal act performed by BRATA, making it harder to suspect. While there’s no failsafe solution to eliminate banking Trojans on Android, the following precautions will help you reduce your exposure to them.
- Google’s Play Store is a safe place to download apps for use, not third-party app stores. However, before you install, read the comments (also reviews) of people who have used the app or try to download it.
- Beware of suspicious messages which can mimic your bank’s. Also, never click on a link even if it’s from your bank.
- Some credit alerts aren’t real. If necessary, confirm any suspicious alert by reaching out to your bank.
- In case you’re used to Internet Banking, always pay attention to URL link and be sure you enter the authentic website of your bank(s).
- Most banking apps now allow you to set up two-factor authentication. Please do this and stay safe while banking.
Trojans have existed for a long time. While there are varying degrees of severity, any variation that targets your smartphone is exceedingly dangerous. Anybody can make an app for Android without having to go through a lot of rules and regulations. It’s restricted for Apple’s App Store. Sadly, this leaves Android phone owners exposed to viruses or infections from these malwares, as hackers may easily hide dangerous code in an application.
On a final note, developers from software development companies are constantly working hard to technically block the possibility of fraud, but it behoves on you to also protect yourself.
