"BRATA Phone-Wiping Android Banking Trojan Is Getting Nastier"

BRATA is a destructive banking Trojan known for wiping smartphones to hide its tracks, which has been upgraded with several new features, thus improving its ability to steal online banking credentials, intercept SMS two-factor authentication (2FA) codes, and more. It has been around since at least 2019, starting as spyware and later becoming a banking Trojan. Last year, researchers at Cleafy, an Italian cybersecurity firm, revealed that BRATA's creators had begun misusing Android's factory reset feature to prevent victims from detecting, reporting, and halting unwanted wire transfers. After a successful illicit wire transfer or when the malware was spotted by installed security software, the factory reset was carried out. The malware was spread through fraudulent SMS messages purporting to be from a target's bank, but contained a link that would download BRATA. According to the researchers, a new variant of BRATA is spreading across Europe, which has new phishing pages mimicking targeted banks, methods of acquiring permissions to access GPS location data, and new ways to send and receive SMS, and gain device management permissions. It also can now execute event logging by sideloading a second-stage piece of malware from its command-and-control (C2) server. The ability to receive and read the victim's SMS, combined with the phishing pages, might be utilized to take over a victim's bank account. This article continues to discuss new changes made to the BRATA Android banking Trojan. 

ZDNet reports "BRATA Phone-Wiping Android Banking Trojan Is Getting Nastier"