This Android Malware Factory Resets Your Device After Stealing Money!

While Android's openness allows for customization and other nifty features, it also makes room for cyber attackers to gain access to people's data or steal their money, raising privacy concerns. Over the years, we have seen various malware such as Ghimob, Blackrock, and xHelper affect thousands of Android devices. Now, an evolved version of the malware program BRATA has been discovered that can factory reset your Android device after stealing your money through e-banking apps.

BRATA, short for Brazilian RAT Android, is a type of Android Remote Access Tool (RAT) that was first spotted by Kaspersky researchers in 2019. BRATA was mainly delivered via the Google Play Store, and its variants were mainly distributed as fake updates for popular apps like WhatsApp.


Once executed, it allows a bad actor to unlock the target's phone, extract information by logging their keystrokes, and even turn off the screen while secretly running tasks in the background. Initially spotted wreaking havoc in Brazil, malicious parties weaponizing BRATA were also observed sending messages to targets in Italy last year. The fake SMS either led users to a website where they were asked to download a fake anti-spam app, which put the malware package on the victim's phone, or directed them to a website where they were asked to enter their financial information.

The cybersecurity experts over at Cleafy say BRATA has evolved to add some scary new abilities. First, the malware can reset the victim's phone to factory settings, deleting any trace of infection and unauthorized transactions. The notorious Pegasus spyware, which was recently deployed to spy on activists, journalists, and dissidents in multiple countries, also has a self-destruct feature to remove traces of surveillance. In BRATA's case, Cleafy identified three strains, with BRATA.A said to be capable of GPS tracking and executing a factory reset.

The device reset capability of BRATA.A is essentially a kill switch for the malware that kicks into action in two scenarios. The first scenario is when a bad actor has successfully committed a banking fraud; the reset ensures that the victim has no clue about the financial attack targeting them. The second scenario is when a malicious party knows that the malware application has not been installed natively on the phone and is instead running in a virtual enclosure. Here, the goal is to prevent a cybersecurity expert from studying its activity in real time.

Regarding GPS tracking, researchers studying BRATA's evolved version say that the malicious app requests location permission at the time of installation. So far, they haven't come across any signs of location tracking being weaponized. However, it is very much possible that it can be activated soon to learn a victim's whereabouts and execute other forms of attack, such as cardless withdrawals from ATMs. The BRATA.B variant, on the other hand, performs keylogging to store all the keystrokes that users type when using a banking application. And as if that threat were not enough, the BRATA malware's footprints have now been discovered in more countries, including the U.K. and Poland.


How to protect yourself from banking Trojans

There's no foolproof way to avoid banking Trojans on an Android phone, but you can take several steps to minimize your risk.

1. Don't install apps from outside the Google Play store. Malware does get into Google Play sometimes, but "off-road" apps are a much greater risk. 

2. Don't trust security alerts sent by SMS that seem to come from your bank. Instead of responding to the message or clicking on a link, check whether the alert is real by calling the bank support number printed on the back of your ATM or credit card, not a phone number in the SMS message.

3. When banking online from a desktop, check the URL in the browser's address bar to make sure it's really the bank's site. 

4. When banking online on a mobile device, don't use a browser — you often won't be able to see the entire URL. Use the bank's dedicated app instead.

5. Set up two-factor authentication on your online bank account if your bank hasn't instituted it already. 

6. Install and use one of the best Android antivirus apps. The BRATA malware will try to uninstall these apps, but many of them will detect and block BRATA before it gets a chance to do so.



Reviewed by Tech Ugly on Monday, January 31, 2022
