IS experts discovered BRATA Android backdoor

Researchers at Kaspersky Lab have discovered a new Android backdoor, BRATA, which has attacked exclusively Brazilian users since January. The authors of the malware managed to upload it to Google Play, where experts counted more than 20 variations of the program.

Analysts called their find BRATA – “Brazilian RAT Android”. On Google Play, the Trojan masked itself as WhatsApp updates – in particular, attackers promoted it as a patch for CVE-2019-3568.

The vulnerability was widely reported in May this year, when human rights defenders uncovered an espionage campaign based on it.

According to experts, the false patch was installed by more than 10 thousand users.

“Once a victim’s device is infected, ‘BRATA’ enables its keylogging feature, enhancing it with real-time streaming functionality. It uses Android’s Accessibility Service feature to interact with other applications installed on the user’s device,” said researchers.

The main purpose of BRATA is keylogging with the ability to transmit data in real time. To do this, the Trojan uses the Accessibility Service, which allows it to interact with other applications on the infected device.


Analysts found the following functions in the malware code:

  1. Getting information about the installed OS, device features, the current user and their Google accounts;
  2. Launching installed applications with the parameters specified in the received JSON file, and recording and sending screenshots to the operators;
  3. Sending text data to a remote server;
  4. Sending the user an unlock request and remotely unlocking the device;
  5. Turning off the smartphone or tablet, or turning off the screen to perform operations in the background;
  6. Removing the malware and all traces of its activity.

Attackers distribute BRATA via malicious SMS and WhatsApp mailings. In addition, they use push notifications on hacked sites and purchase ads on Google search.

Kaspersky analysts remind users to check the permissions requested by installed applications. In addition, for maximum security, use an up-to-date mobile antivirus with real-time protection.
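Because BRATA relies on the Accessibility Service, one concrete permission check is whether an app declares an accessibility service in its manifest. The Python code below is an added example, not Kaspersky's tooling or code from the original article; it assumes a decoded, text-form AndroidManifest.xml (for example, as produced by apktool), and the sample manifest with its package and class names is constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample manifest; the package and class names are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Update">
    <service android:name=".SyncService"/>
    <service android:name=".InputWatcher"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def audit_manifest(manifest_xml):
    """Return the package, requested permissions and accessibility services."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    permissions = sorted(p.get(A + "name", "") for p in root.iter("uses-permission"))
    services = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        # Android binds a service as an accessibility service only if it is
        # protected by BIND_ACCESSIBILITY_SERVICE and handles the a11y action.
        if svc.get(A + "permission") == BIND_A11Y and A11Y_ACTION in actions:
            name = svc.get(A + "name", "")
            if name.startswith("."):      # ".Cls" is relative to the package
                name = package + name
            elif "." not in name:         # bare "Cls" is also package-relative
                name = package + "." + name
            services.append(name)
    return {"package": package, "permissions": permissions,
            "accessibility_services": services}

def needs_review(report, a11y_allowlist=frozenset()):
    """True when an app outside the allowlist ships an accessibility service."""
    return bool(report["accessibility_services"]) and report["package"] not in a11y_allowlist

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report, "review:", needs_review(report))
```

The allowlist is meant for packages that legitimately need accessibility access, such as screen readers; anything else that declares such a service, especially an app presented as an "update", deserves a closer look.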

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a little anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
