With just one phone call, a dangerous Android scam is sucking up your money account

With just one phone call, a dangerous Android scam is sucking up your money account

Tech Highlights:

  • First, the threat actors send an SMS text message containing a link to a website. The text appears to be from the bank. This is a tactic known as smishing (phishing with SMS). If the victim clicks the link, the site they visit will prompt them to download an anti-spam app. The site also tells the victim a bank operator will contact them soon to discuss the app they’re downloading. This is where BRATA stands apart from other common Android malware campaigns. Once you visit the site and offer up your information, you will receive a call from a fraud operator. A real person will then attempt to sway you into downloading the malicious app. They will use a variety of social engineering techniques to convince you they work with the bank. Should you fall for it, you might end up installing an app that hackers can use to control your phone.

  • As a deadly malware campaign extends to new locations, Android device owners now have another deception to be aware of. According to Cleafy’s cybersecurity experts, the number of Android remote access trojan (RAT) infections has increased in the last year. BRATA, a trojan first detected in Brazil, has made its way to Italy, according to Cleafy. The malware is being used by hackers to steal banking information from Android users and then drain their accounts. A new Android fraud grabs financial data. This new form of the BRATA malware is tough to detect, according to cybersecurity specialists.

Intercept SMS messages and forward them to a C2 server. This feature is used to get 2FA sent by the bank via SMS during the login phase or to confirm money transactions. Screen recording and casting capabilities that allow the malware to capture any sensitive information displayed on the screen. This includes audio, passwords, payment information, photo, and messages (as shown in Figure 15). Through the Accessibility Service, the malware clicks the “start now” button (of the popup) automatically, so the victim is not able to deny the recording/casting of the owned device.

The BRATA Android scam first began making the rounds in Brazil in 2019. Cleafy says that the new mule accounts spreading the trojan are mostly coming from Italy, as well as Lithuania and the Netherlands. So, if you live in the US, this specific campaign probably won’t target you. That said, it’s one more scary threat that you should be aware of if you own an Android device. Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.

Remove itself from the compromised device to reduce detection. Uninstall specific applications (e.g., antivirus). Hide its own icon app to be less traceable by not advanced users. Disable Google Play Protect to avoid being flagged by Google as a suspicious app. Modify the device settings to get more privileges. Unlock the device if it is locked with a secret pin or pattern. Show phishing page. Abuse the accessibility service to read everything that is shown on the screen of the infected device or to simulate taps on the screen. This information is then sent to the C2 server of the attackers.

We will be happy to hear your thoughts

      Leave a reply

      Tech Reviews, News and Guides
      Logo