Serviceteam IT Security News

A newly discovered Android remote access Trojan (RAT) is specifically targeting users in Brazil, Kaspersky reports. 

Called BRATA, which stands for Brazilian RAT Android, the malware could theoretically be used to target any other Android user, should the cybercriminals behind it want to. Widespread since January 2019, the threat was primarily hosted in Google Play, but also in alternative Android app stores. 

The malware targets Android 5.0 or later and infects devices via push notifications on compromised websites, messages delivered via WhatsApp or SMS, or sponsored links in Google searches.

After discovering the first RAT samples in January and February 2019, Kaspersky has observed over 20 different variants to date, in Google Play alone, most posing as updates to WhatsApp. 

One of the topics abused by BRATA is the CVE-2019-3568 WhatsApp patch. The infamous fake WhatsApp update had over 10,000 downloads in the official Android store when it was removed, Kaspersky says.

As soon as it has infected a device, BRATA enables its keylogging feature and starts abusing Android’s Accessibility Service feature to interact with other applications.

The commands supported by the malware allow it to capture and send user’s screen output in real-time, or turn off the screen or give the user the impression that the screen is off while performing actions in the background. 

It can also retrieve Android system information, data on the logged user and their registered Google accounts, and hardware information, and can request the user to unlock the device or perform a remote unlock.

What’s more, BRATA can launch any application installed with a set of parameters sent via a JSON data file, send a string of text to input data in textboxes, and launch any particular application or uninstall the malware and remove traces of infection.

“In general, we always recommend carefully review permissions any app is requesting on the device. It is also essential to install an excellent up-to-date anti-malware solution with real-time protection enabled,” Kaspersky concludes. 

RelatedMalware Found in Google Play App With 100 Million Downloads

RelatedResearchers Discover Android Surveillance Malware Built by Russian Firm

Source: infosec island

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!