Madrid
Updated:
Save
The Trojan of Brazilian origin BROTHER, designed to steal bank data from users, has been reinvented and has received a new variant that threatens Spain and the rest of Europe through new techniques aimed at stealing account and credit card information. The virus, which only represents a threat to devices Androidwas discovered in 2019 and, like so many other similar codes, has been mutating ever since in order to remain effective against developer targets.
The danger of BRATA is of such magnitude that it has come to be considered an Advanced Persistent Threat (APT) due to its recent activity patterns, according to experts from mobile cybersecurity firm Cleafy in their latest report.
This newly released nature implies the establishment of a long-term cyberattack campaign that focuses on stealing sensitive information from its victims. Currently, BRATA has targeted financial institutions, attacking one at a time. According to information from Cleafy, among its main objectives are Spain, Italy and UK.
The study’s researchers have found the current variant of BRATA on European territory in recent months, where it masquerades as a specific banking entity and has deployed three new capabilities. Like so many others, the developers create a malicious page that tries to impersonate the official one of the bank to deceive the user. The goal of cybercriminals is theft of credentials from their victims. To do this, they send an SMS impersonating the entity, usually with a message that seeks to alarm them so that they act without thinking twice and click.
The new variant of BRATA also acts through a malicious messaging ‘app’ with which it shares the same infrastructure. Once installed on the device, the application asks the user make it your default messaging ‘app’. If he accepts, he gains sufficient authority to intercept incoming messages, such as those sent by banks to send single-use codes and two-factor authentication.
This new feature can be combined with the bank page recreated by cybercriminals to trick the user into gaining access to their banking information.
In addition to stealing banking credentials and monitoring incoming messages, Cleafy’s experts suspect that the new BRATA variant is designed to spread its threat throughout the device and hijack data from other applications, and that once installed the ‘ Fraudulent app’ downloads an external payload that abuses the Accessibility Service.
See them
comments