Fake support agents call victims to install Android banking malware
The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials.
The variant currently in circulation is new, and according to a report by researchers at Cleafy, it can pass undetected by the vast majority of AV scanners.
BRATA was previously seen in Brazil, delivered via apps on the Google Play Store, but it appears that its authors are now selling it to foreign operators, which is not unusual in this field.
The Italian campaign was first spotted in June 2021, delivering multiple Android apps through SMS phishing, otherwise known as smishing.
Most of the malicious apps were called “Sicurezza Dispositivo” (Device Security) and were promoted as anti-spam tools.
That first wave did a poor job of evading antivirus: roughly half of the engines on VirusTotal flagged it. Those detection rates prompted a second wave in mid-October, using a new variant with very low detection rates.
In the second wave, the actors also widened their targeting, raising the number of targeted financial institutions from one to three.
The attack begins with an unsolicited SMS linking to a malicious website. The text claims to come from the bank and urges the recipient to download an anti-spam app.
The link leads to a page from which the victim downloads the BRATA malware themselves, or to a phishing page that asks for their banking credentials.
During that step, the threat actors call the victim on the phone and pretend to be an employee of the bank, offering help with installing the app.
The app requests multiple permissions that let the actor take full control of the compromised device: binding as an Accessibility service, reading and sending SMS, making phone calls, and recording the screen.
Cleafy's report gives the full list of BRATA's capabilities.
The actors abuse these permissions to access the victim’s bank account, retrieve the 2FA code, and eventually perform fraudulent transactions.
The mule accounts used as intermediary points in this campaign are based in Italy, Lithuania, and the Netherlands.
Because this is a mobile campaign, the malicious site is not served to desktop browsers, which keeps the targeting narrowed to prospective victims.
If you try to open the link from the SMS on a PC or laptop, the site will not load. That is a quick sanity check on a suspicious message, though only a one-way one: a link that refuses desktop browsers is suspect, but one that does load on a desktop is not therefore legitimate, and the attackers can change this behaviour at any time.
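The following is an added example, not code from the article or from Cleafy. It turns the desktop-versus-mobile check above into a probe: fetch a URL once with a desktop User-Agent and once with a mobile one, then report whether the responses diverge, or whether only the mobile response carries an APK lure. The URL, the User-Agent strings and the canned responses in `fake_fetch` are constructed stand-ins; `http_fetch` performs a real request and should only be pointed at a suspect URL from an isolated analysis host.

```python
"""Probe a URL with desktop and mobile User-Agents and compare the responses.

Added example (not from the article or Cleafy). Demonstrates how to detect a
landing page that is served only to mobile browsers, as described for the
BRATA smishing campaign. All URLs and canned responses below are constructed.
"""
import urllib.error
import urllib.request
from typing import Callable, Tuple

# Representative browser strings; any current desktop/mobile pair works.
DESKTOP_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36")
MOBILE_UA = ("Mozilla/5.0 (Linux; Android 11; Pixel 4) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/96.0.4664.45 Mobile Safari/537.36")

# A fetcher takes (url, user_agent) and returns (status_code, body).
Fetcher = Callable[[str, str], Tuple[int, bytes]]


def http_fetch(url: str, user_agent: str, timeout: float = 10.0) -> Tuple[int, bytes]:
    """Real HTTP fetch with a chosen User-Agent. Use only from an isolated host."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:          # 4xx/5xx still carry a body
        return err.code, err.read()
    except urllib.error.URLError:                  # DNS/connection failure
        return 0, b""


def looks_like_apk_lure(body: bytes) -> bool:
    """True if the page offers an Android package, directly or via its MIME type."""
    text = body.decode("utf-8", errors="replace").lower()
    return ".apk" in text or "application/vnd.android.package-archive" in text


def probe_ua_gating(url: str, fetch: Fetcher = http_fetch) -> dict:
    """Fetch `url` as desktop and as mobile and report whether it is UA-gated."""
    d_status, d_body = fetch(url, DESKTOP_UA)
    m_status, m_body = fetch(url, MOBILE_UA)
    status_differs = d_status != m_status
    apk_only_for_mobile = looks_like_apk_lure(m_body) and not looks_like_apk_lure(d_body)
    return {
        "desktop_status": d_status,
        "mobile_status": m_status,
        "apk_lure_for_mobile": looks_like_apk_lure(m_body),
        "mobile_gated": status_differs or apk_only_for_mobile,
    }


# Constructed responses standing in for a BRATA-style landing page: desktop
# browsers get a 404, mobile browsers get a download link. Hypothetical host.
FAKE_RESPONSES = {
    DESKTOP_UA: (404, b"<html><body>Not Found</body></html>"),
    MOBILE_UA: (200, b'<html><body><a href="/SicurezzaDispositivo.apk">Download</a></body></html>'),
}


def fake_fetch(url: str, user_agent: str) -> Tuple[int, bytes]:
    """Offline stand-in for http_fetch, keyed on the User-Agent only."""
    return FAKE_RESPONSES[user_agent]


if __name__ == "__main__":
    print(probe_ua_gating("https://example.invalid/sicurezza", fetch=fake_fetch))
```

A `mobile_gated` result of true is an indicator, not a verdict: legitimate sites also vary content by device, so the decisive signal is the APK lure that only the mobile request receives.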
Secondly, no bank will ask you to install any app other than its official e-banking app, which is on the Play Store/App Store and linked from the bank's official website.
Finally, whenever you install an app, look at the permissions it requests and consider whether they are relevant to its function. Do not install an app that asks for permissions unrelated to what it claims to do.
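As an added example (not code from the article, from Cleafy or from the BRATA authors), the following script performs the permission check recommended above on an Android manifest, flagging the capabilities the article attributes to BRATA: an Accessibility service binding, SMS access and phone calls. Both manifests are constructed samples with hypothetical package names. Screen recording is not visible in a manifest, because Android grants it through a MediaProjection prompt at runtime, so the script covers the static indicators only.

```python
"""Triage an Android manifest for permissions that do not fit an app's stated purpose.

Added example (not from the article, Cleafy or BRATA). The manifests below are
constructed samples: one modelled on the permission set the article describes
for the fake "Device Security" app, one for a harmless app with no such needs.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"            # android:name
PERMISSION = f"{{{ANDROID_NS}}}permission"  # android:permission

# Constructed manifest for a supposed anti-spam app (hypothetical package name).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sicurezza.dispositivo">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <application android:label="Device Security">
        <service android:name=".AccessService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed manifest for a harmless app (hypothetical package name).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <application android:label="Notes"/>
</manifest>
"""

# Permissions that give an app the reach the article describes for BRATA:
# reading/sending SMS (one-time codes), placing calls, recording, overlays.
HIGH_RISK = {
    "android.permission.READ_SMS": "read stored SMS, including one-time 2FA codes",
    "android.permission.RECEIVE_SMS": "intercept SMS as they arrive",
    "android.permission.SEND_SMS": "send SMS from the device",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays over other apps",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Return requested permissions, the high-risk subset, and accessibility use."""
    root = ET.fromstring(manifest_xml)
    requested = sorted(el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME))
    # An Accessibility service is declared as a <service> protected by
    # BIND_ACCESSIBILITY_SERVICE, not as a <uses-permission> entry.
    accessibility = any(
        svc.get(PERMISSION) == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for svc in root.iter("service")
    )
    flagged = {p: HIGH_RISK[p] for p in requested if p in HIGH_RISK}
    return {
        "package": root.get("package"),
        "requested": requested,
        "flagged": flagged,
        "accessibility_service": accessibility,
    }


def verdict(report: dict) -> str:
    """Anything in the flagged set, or an Accessibility service, warrants a closer look."""
    return "suspicious" if report["accessibility_service"] or report["flagged"] else "ok"


if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        report = triage_manifest(manifest)
        print(report["package"], verdict(report), sorted(report["flagged"]))
```

On a real APK, extract the decoded manifest first (for example with apktool or aapt); the binary AndroidManifest.xml inside the package is not plain XML and will not parse as shown.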
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved