• Latest
  • Trending
Android-wiping BRATA malware is evolving into a persistent threat

Android-wiping BRATA malware is evolving into a persistent threat

June 20, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Android-wiping BRATA malware is evolving into a persistent threat

by ITECHNEWS
June 20, 2022
in Infosec, Leading Stories
0 0
0
Android-wiping BRATA malware is evolving into a persistent threat

The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities.

Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

“The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern,” explains Cleafy in a report this week.

“This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information.”

The malware itself has also been updated with new phishing techniques, new classes to request additional permissions on the device, and now also drops a second-stage payload from the command and control (C2) server.

BRATA detection volumes
BRATA detection volumes (Cleafy)

Targeted campaigns

BRATA malware is also more targeted, as the researchers discovered that it focuses on one financial institution at a time and only pivot to a different one when their attacks are rendered inefficient by countermeasures.

For example, BRATA now comes pre-loaded with a single phishing overlay instead of acquiring a list of installed apps and fetching the right injections from the C2.

One of the overlays used in recent campaigns
Overlay used in a recent campaign (Cleafy)

This minimizes the malicious network traffic and the interactions with the host device.

In a more recent version, BRATA adds more permissions that allow it to send and receive SMS, which can help attackers steal temporary codes like one-time passwords (OTPs) and two-factor authentication (2FA) that banks send to their customers.

After nesting into a device, BRATA fetches a ZIP archive from the C2 server containing a JAR (“unrar.jar”) package.

This keylogging utility monitors app-generated events and stores them locally on the device with the text data and a matching timestamp.

New keylogging module on BRATA
New keylogging module on BRATA (Cleafy)

Cleafy’s analysts saw signs that this tool is still in early development and the researchers think that the author’s ultimate goal is to abuse the Accessibility Service to get data from other applications.

The BRATA evolution

BRATA started as a banking trojan in Brazil in 2019, able to perform screen capturing, install new apps, and turn off the screen to make the device appear powered down.

In June 2021, BRATA made its first appearance in Europe, using fake anti-spam apps as a lure and employing fake support agents who defrauded victims and tricked them into giving them complete control of their devices.

In January 2022, a new version of BRATA emerged in the wild, using GPS tracking, multiple C2 communication channels, and tailored versions for banking customers in different countries. That version also featured a factory reset command that wiped devices after all data had been stolen.

Now, besides the new BRATA version and the change in tactics, Cleafy has also found a new project: an SMS stealer app that communicates with the same C2 infrastructure.

Side by side comparison of BRATA and SMS stealer
Side by side comparison of BRATA and SMS stealer (Cleafy)

It uses the same framework as BRATA and the same class names, but it seems to be focused only on syphoning short text messages. Currently, it targets the UK, Italy, and Spain.

Language selection screen on the SMS stealer app
Language selection screen on the SMS stealer app (Cleafy)

To intercept incoming SMS, the application asks the user to set it as the default messaging app while also requesting permission to access contacts on the device.

SMS stealer prompts during installation
SMS stealer prompts during installation (Cleafy)

For now, it’s unclear if this is just an experiment on an effort of the BRATA team to create simpler apps devoted to specific roles.

What is clear is that BRATA keeps evolving with a cadence of about two months. It’s imperative to stay vigilant, keep your device up to date, and avoid installing apps from unofficial or suspicious sources.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Android-wiping BRATA malware is evolving into a persistent threat
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version