As well as their “natural” counterpart too technological viruses change shape and purposein order to evade the defenses put in place and achieve its purpose. A few weeks ago we gave you an account of the circulation of BRATA which apparently continues to represent a serious threat to Android smartphones.
BRATA returns and is even worse
If the version that was also circulating in Italy in December was aimed at banking data, researchers from Cleafy have isolated two new variants that add even more user-damaging capabilities, BRATA.A in fact is enriched with the ability to track the victim via GPS and with the ability to perform a factory reset, that erase the entire contents of the smartphonewith the risk of seriously putting users in difficulty.
BRATA.B, on the other hand, is even more subtle, since in addition to the functions of variant A it is capable of obfuscate the code more and create more accurate and tailor-made overlays in order to steal the banking information of the victims, in particular the access data to the apps of various credit institutions.
BRATA.C takes care of downloading the malware on the smartphone through a main app which in turn download a secondary app that contains the real malicious code.
How to defend yourself from BRATA
The best way to defend against BRATA and its serious threats is to give the utmost to granting permitsin particular those of the director. BRATA relies on accessibility services to read screen content, capturing images and capturing keystrokes.
The main novelty of the new BRATA variants is the possibility of perform a hard reset once bank stolen data is complete. The malware is also able to understand if it is running in a virtual environment, again causing a factory reset, but only if the “host” application has been granted administration permissions.
Once again, therefore, the best defense comes from the user and from one constant attention to installed applications. We recommend that you only install applications from secure distribution platforms and avoid granting accessibility or administrative permissions to applications unless you are absolutely sure of what you are doing.