BRATA Mobile Banking Trojan Gets New, Dangerous Features


Short News:-

A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans and information stealers. Its name is derived from two Donald Trump-themed fixed keys used to decode the embedded or downloaded resource that ultimately extracts and executes the final payload.


Detailed News:-

Updates to Android malware known as BRATA allow it to track device locations and even perform a factory reset to hide fraudulent wire transfers, reports Ars Technica.

A new set of variants, built to avoid detection by security software and antivirus products, was discovered late last year, Italian cybersecurity firm Cleafy stated in its technical write-up. The United Kingdom, Poland, Italy, and Latin America are among the regions targeted.

Researchers at Cleafy noted in December 2021, "What makes Android RAT so interesting for attackers is its capability to operate directly on the victim devices rather than using a new device." Because the device's fingerprint is already known to the bank, threat actors (TAs) can drastically reduce the possibility of being flagged "as suspicious."

"Brazilian Remote Access Tool Android" (BRATA) was first discovered at the end of 2018 and quickly evolved into a feature-packed banking trojan. In order to evade detection, the malware has undergone a series of upgrades and changes over the years.


New "tailored" BRATA samples target specific countries and contain an initial dropper — a purported security app called "iSecurity" — that is undetectable by virtually all malware scanning engines and is used to download the actual malicious software and execute it.

Once the downloader app has been installed, all that's needed to download and install a malicious app from an untrusted source is a single permission, according to the researchers. When the victim clicks "Install," the malicious APK is downloaded via a GET request from the downloader's C2 server.

Accessibility Service permissions obtained during the installation phase are known to be abused by BRATA and other banking trojans observed in the wild, allowing the malware to secretly monitor a compromised device's user activity.

The new versions of the Android app add the ability to restore the phone to its factory settings, either after completing a fraudulent wire transfer or when the application detects that it is installed in a virtual environment.

The trojan is being used to commit fraud, typically through unauthorized wire transfers (e.g. SEPA) or Instant Payments, by threat actors "leveraging this banking trojan for performing frauds, typically through a wide network of money mules accounts in multiple European countries," the researchers said.
