BRATA Malware Poses as Android Security Scanners on Google Play Store

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
Content source
https://thehackernews.com/2021/04/brata-malware-poses-as-android-security.html
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.

"These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.

The apps in question were designed to target users in Brazil, Spain, and the U.S., with most of them accruing anywhere between 1,000 to 5,000 installs. Another app named DefenseScreen racked up 10,000 installs before it was removed from the Play Store last year.
Click to expand...
First documented by Kaspersky in August 2019, BRATA (short for "Brazilian Remote Access Tool Android") emerged as an Android malware with screen recording abilities before steadily morphing into a banking trojan.

"It combines full device control capabilities with the ability to display phishing webpages that steal banking credentials in addition to abilities that allow it capture screen lock credentials (PIN, Password or Pattern), capture keystrokes (keylogger functionality), and record the screen of the infected device to monitor a user's actions without their consent," McAfee researchers Fernando Ruiz and Carlos Castillo said.

The apps that distribute the backdoor alert unsuspecting users of a security issue on their devices, prompting them to install a fake update of a specific app (e.g., Google Chrome, WhatsApp, and a non-existent PDF reader app) to address the problem.

Once the victim agrees to install the app, BRATA requests permissions to access the device's accessibility service, abusing it to capture lock screen PIN (or password/pattern), record keystrokes, take screenshots, and even disable the Google Play Store.
Click to expand...
thehackernews.com

BRATA Malware Poses as Android Security Scanners on Google Play Store

Android Malware Poses as Android Security Scanners on Google Play Store
thehackernews.com thehackernews.com
 
  • Like
  • +Reputation
Reactions: Venustus, RansomwareRemediation, The_King and 3 others
You must log in or register to reply here.

Similar threads

Ink
    • Like
‘Google Partner Setup' update rolling out via Play Store (GMS)
Replies
1
Views
881
News Archive
Ink
Ink
Ink
    • Like
Google Play Store is getting a revamp fit for large-screen tablets, Chromebooks and foldables
Replies
0
Views
431
News Archive
Ink
Ink
CyberTech
    • Like
    • +Reputation
Android adware apps on Google Play amass two million installs
Replies
0
Views
698
News Archive
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top