The Android malware known as BRATA was discovered by researchers at Cleafy in 2021. It is quite dangerous: through a phishing campaign, hackers convince their victim to download the malware, which is delivered as a fake application. Once it is installed, the user loses control of their smartphone and the attackers gain access to their bank details.
In early 2022, hackers deployed an update capable of resetting the Android smartphone to factory settings while making the malware completely undetectable. Today, researchers at Cleafy have made disturbing new discoveries. Several new features have been added, starting with phishing pages that can now spy on the victim’s messages.
Each new version brings new features that make the malware more dangerous. Over the past few months, a new variant of BRATA has been detected on Android smartphones. It impersonates specific banking apps and includes some internal changes, such as a new phishing technique that mimics a bank login page.
BRATA is able to retrieve the two-factor authentication codes needed to log into certain accounts. Furthermore, the malware automatically detects all the usernames and passwords that are in the victim’s conversations, thus compromising their entire online life.
The malware now focuses on hitting a specific bank for a few months before moving on to another target. Finally, it installs a backdoor on the victim’s smartphone to pave the way for possible future attacks.