Android malware BRATA wipes your device after stealing data

silversurfer

The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity.

In December 2021, a report by Cleafy underscored the emergence of the malware in Europe, where it was seen targeting e-banking users and stealing their credentials with the involvement of fraudsters posing as bank customer support agents.

Analysts at Cleafy continued to monitor BRATA for new features, and in a new report published today, illustrate how the malware continues to evolve.
The new features spotted by Cleafy researchers in the latest BRATA versions include keylogging functionality, which complements the existing screen capturing function.
Although its exact purpose remains a mystery to the analysts, all new variants also have GPS tracking.

The scariest of the new malicious features is the performing of factory resets, which the actors perform in the following situations:
  1. The compromise has been completed successfully, and the fraudulent transaction is over (i.e. credentials have been exfiltrated).
  2. The application has detected that it runs on a virtual environment, most probably for analysis.
BRATA uses factory resets as a kill switch for self-protection, but since they wipe the device, they also introduce the possibility of sudden and irreversible loss of data for the victim.
 
