BRATA Android malware factory resets phones after stealing funds

BRATA Android malware factory resets phones after stealing funds

The new variant of BRATA malware is also capable of GPS tracking and keylogging.

A malware that was originally identified in 2019 has surfaced once again and this time it is equipped with additional features that can wipe out data from Android devices.

Dubbed BRATA (Brazilian Remote Access Tool, Android) by researchers; the new variant of the malware is capable of performing a factory reset on the targeted device. This leads to a complete wipeout of data without the victim’s permission or knowledge.

Stealing money and GPS tracking

According to the IT security researchers at Milan, Italy-based fraud-management firm Cleafy, upon infection, the malware aims at stealing money from the victim’s bank account through apps installed on the device.

If successful, it performs a factory reset to divert the victim’s attention. However, the victim ends up losing all the data on the phone. Cleafy also noted that BRATA’s new variant performs GPA tracking and keylogging. This means the threat actors behind this malware can not only track the victim’s location but also harvest data based on their activity on the infected device.

The researchers discovered the new BRATA campaign in November 2021 and noted the list of targeted countries include Italy, Poland, the United Kingdom, and Latin America.

Victim receives call from cybercriminals

The modus operandi behind BRATA’s infection involves taking advantage of a downloader to evade detection from anti-malware software. Cleafy confirms that the malware is “almost not detected by any antivirus solution.”

However, an analysis published by Cleafy last year revealed that the malware authors are also employing social engineering tactics by sending malicious text messages that contain a BRATA downloader link.

What’s even worse is that the victim receives a phone call from a cybercriminal claiming to be a bank official who tries to trick them into clicking the link and installing the malware on their phone. 

BRATA Android malware factory resets phones after stealing funds

Once installed, the infected phone can be remotely controlled by the malware author who can perform a variety of actions including stealing money, factory resetting the phone, changing the screen lock and password settings.

According to researchers, 2FA or OTP can not protect victims from this attack since the crooks have full access to sending or receiving text messages.

Through the malware installed on the victim device, Threat Actors can receive on their server the 2FA code sent by the bank and perform fraudulent transactions.


Protecting your phone

If you are an Android user refrain from downloading apps from third-party app stores. It is also advised that if you are downloading an app from Play Store keep an eye on the permissions it seeks. 

Although BRATA is undetectable by any security software at this time, it is highly recommended that Android users should use reliable anti-malware software at all times. Nevertheless, keep in mind that your device is updated and regularly scanned for potential threats.

More Android malware news on

Millions of Android devices abused by UltimaSMS Adware Scam

TangleBot Android malware hijacks phone to steal login credentials

170 fraudulent Android apps scamming cryptocurrency enthusiasts

About 10 million Android devices found infected with Cynos malware

Android game developer EskyFun exposed 1 million gamers to hackers

Related Posts