Brata also strikes in Italy: it is the dangerous banking Trojan that resets the phone

A new cyber threat is making its way to Android users: it is Brata, a bank fraud Trojan that has been around for at least three years but has now been updated and modified to be even more dangerous. Beyond compromising the accounts of any home banking service, the malware is capable of resetting the devices on which it is installed, restoring them to their factory settings and thereby deleting all content and user data.

Brata was first described in 2019 by Kaspersky security analysts, who pointed out at the time that the malware targeted people with Brazilian bank accounts. The spread took place via Google Play and via third-party marketplaces, but also via compromised websites and links sent via messaging apps.

The problem is that Brata is now back in the limelight with new features, including precisely the ability to fully reset infected devices. The goal here is to eliminate any traces after making an unauthorized transfer and to make it more difficult for the victim to perform the operations necessary to verify and contain any fraud.

Among the other features that enrich the new version of Brata, there is also the ability to track the GPS position of the device, to communicate more stably with command and control servers, and to constantly monitor the victim's banking applications, also exploiting keylogging mechanisms to steal authentication information. And with the new update, Brata becomes a more global threat: it is now able to target bank accounts located in Europe and the United States, as well as those in Latin America.

For this version, there is no evidence yet that the malware is spreading via Google Play or other third-party marketplaces. The main circulation vehicle for the malware now appears to be phishing text messages disguised as bank communications. There are said to be at least three Brata variants in circulation, all of which flew under the radar until the security company Cleafy located them. In particular, Cleafy warns that there are variants in circulation aimed specifically at users in certain countries, including Italy.

Since the malware spreads mainly, as mentioned, via fake text messages, the warning is to pay particular attention to any banking communication that you may receive (not only by SMS). From Cleafy's analysis, it appears that the fake messages lead to the download of equally fake apps for "additional security", so the suggestion is to adopt a certain level of distrust even in the face of seemingly legitimate bank communications.