A new malicious Android remote access tool (RAT) called BRATA was reported by Kaspersky researchers, has infectedand spy from WhatsApp and SMS messages to Brazilian users.
“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. It has been widespread since January 2019, primarily hosted in the Google Play store, but also found in alternative unofficial Android app stores. For the malware to function correctly, it requires at least Android Lollipop 5.0 version.
The cybercriminals behind BRATA use few infection vectors. For example, they use push notifications on compromised websites; and also spread it using messages delivered via WhatsApp or SMS, and sponsored links in Google searches.
The first samples we found in the wild date to January and February 2019, while so far over 20 different variants have appeared in the Google Play Store, the majority of these pose as an update to the popular instant messaging application WhatsApp. The CVE-2019-3568 WhatsApp patch is one of the topics abused by BRATA threat actor. Once a victim’s device is infected, “BRATA” enables its keylogging feature, enhancing it with real-time streaming functionality. It uses Android’s Accessibility Service feature to interact with other applications installed on the user’s device.”, says the report.
“Once a victim’s device is infected, ‘BRATA’ enables its keylogging feature, enhancing it with real-time streaming functionality,” found the researchers. “It uses Android’s Accessibility Service feature to interact with other applications installed on the user’s device.”
Among the capabilities that BRATA comes with, the RAT allows its operators to unlock their victims’ devices, to collect device information, turn off the device’s screen to surreptitiously run tasks in the background, and uninstall itself and removes any infection traces.