fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Android Malware BRATA Wipes your Device After Stealing Data

Android Malware BRATA Wipes your Device After Stealing Data

The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity.

BRATA was first spotted by Kaspersky back in 2019 as an Android RAT (remote access tool) that mainly targeted Brazilian users.

In December 2021, a report by Cleafy underscored the emergence of the malware in Europe, where it was seen targeting e-banking users and stealing their credentials with the involvement of fraudsters posing as bank customer support agents.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

Analysts at Cleafy continued to monitor BRATA for new features, and in a new report published today, illustrate how the malware continues to evolve.

Tailored versions for different audiences

The latest versions of the BRATA malware now target e-banking users in the UK, Poland, Italy, Spain, China, and Latin America.

Each variant focuses on different banks with dedicated overlay sets, languages, and even different apps to target specific audiences.

BRATA variants circulating different countries
BRATA variants circulating different countries
Source: Cleafy

The authors use similar obfuscation techniques in all versions, such as wrapping the APK file into an encrypted JAR or DEX package.

This obfuscation successfully bypasses antivirus detections, as illustrated by the VirusTotal scan below.

Detection rate of newest samples
Detection rate of newest samples
Source: Cleafy

On that front, BRATA now actively seeks signs of AV presence on the device and attempts to delete the detected security tools before proceeding to the data exfiltration step.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

AV tools removed by BRATA
AV tools removed by BRATA
Source: Cleafy

New features

The new features spotted by Cleafy researchers in the latest BRATA versions include keylogging functionality, which complements the existing screen capturing function.

Although its exact purpose remains a mystery to the analysts, all new variants also have GPS tracking.

The scariest of the new malicious features is the performing of factory resets, which the actors perform in the following situations:

  1. The compromise has been completed successfully, and the fraudulent transaction is over (i.e. credentials have been exfiltrated).
  2. The application has detected that it runs on a virtual environment, most probably for analysis.

BRATA uses factory resets as a kill switch for self-protection, but since they wipe the device, they also introduce the possibility of sudden and irreversible loss of data for the victim.

Factory reset function
Factory reset function
Source: Cleafy

Finally, BRATA has added new communication channels for exchanging data with the C2 server and now supports HTTP and WebSockets.

Communication with C2 in new BRATA
Communication with C2 in new BRATA
Source: Cleafy

The option of WebSockets gives the actors a direct and low-latency channel that is ideal for real-time communication and live manual exploitation.

Moreover, because WebSockets doesn’t need to send headers with each connection, the volume of suspicious network traffic is reduced, and by extension, the chances of being detected are minimized.

Basic ways to stay safe

BRATA is only one of many Android banking trojans and stealthy RATs circulating in the wild, targeting people’s banking credentials.

The best way to avoid being infected by Android malware is to install apps from the Google Play Store, avoid APKs from shady websites, and always scan them with an AV tool before opening.

During installation, pay close attention to the requested permissions and avoid granting any that appear unnecessary for the app’s core functionality.

Factory reset permission requested by the laced BRATA app
Factory reset permission requested by the laced BRATA app
Source: Cleafy

Finally, monitor battery consumption and network traffic volumes to identify any inexplicable spikes that may be attributed to malicious processes running in the background.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us