Caution! Malware "BRATA" and its dangers for Android

Ramiro Guzman
Caution! Malware "BRATA" and its dangers for Android – Free Code – WebMediums
A recent and more dangerous update of the BRATA Trojan has been reported

BRATA malware is a "Trojan virus" that has become more prominent since 2018. Its activity alerted the entire cyber community, and now it is back with more powerful updates.

Android is the main operating system affected and the one on which it is most effective. It is therefore useful to know how to recognize it and so avoid the consequences.

BRATA Malware: What Exactly Is It?

Malware is the designated term for a type of malicious software. From a linguistic perspective, it is a neologism that combines two words in English: malicious software.

There are many kinds of these malicious programs, BRATA being one of them. BRATA is the English acronym for Brazilian Remote Access Tool Android.

It has carried that acronym since its detection in 2018, with its origin in Brazil.

From then on, it evolved into a sophisticated piece of malicious software that spread throughout Europe and North America.

BRATA takes on the identity of applications that pose as security scanners.

Thanks to its intrinsic mechanisms, it quickly makes its way onto distribution platforms such as the Google Play Store. For this reason, it is common for many people to fall into the trap.

The danger of BRATA exposed by McAfee

McAfee, LLC is a renowned company in the field of cybersecurity. Since its founding in 1987, it has been a highly trusted name, most notably for launching its own antivirus under the same name.

It was the first company to uncover BRATA and alert the cyber world to its presence: a harmful Trojan that captures the phone's lock mechanisms in order to access it remotely. Over time, that unauthorized access can be used to steal important data.

BRATA grants remote access permissions to distant servers to obtain personal information

McAfee commented that these are malicious programs that easily bypass the security checks of the Google Play Store. Based on its analysis, they disguise themselves as scanning applications that, in the most extreme cases, reach 10,000 downloads.

This means that up to 10,000 users had to face a brutal hack of their operating system. And, if they did not find a way to counteract it, the leak of personal information remained a live threat.

BRATA Malware Features: How Much Can It Achieve?

Both McAfee and the wider expert community have described what the malware can do. The most relevant functions are the following:

  1. It easily bypasses the lock mechanisms set on the smartphone. In other words, it acquires the password, security PIN or pattern remotely.

  2. It stages fake interactions in which the user is asked to provide specific data. As a result, access to the user's different accounts is left unprotected.

  3. Most dangerous and notable of all, the malicious application hides itself and runs in the background. When that happens, it disables the Google Play Protect software, allowing other malicious programs to get in.

  4. It records everything the individual does on the screen and sends that history to the remote server. This serves as feedback for presenting fake activities or notifications on the device, keeping the information leak going.

  5. As a lesser, but no less relevant fact, BRATA also has remote access to the clipboard, a useful feature through which large amounts of important text usually pass.

In addition, alarms have been raised once again because of how the malware has evolved. Although its "clones" have been thoroughly removed from the Google Play Store, new and more sophisticated protected copies continue to emerge.

Using other servers, encryption and extra layers of protection, they overcome any obstacle. It is therefore recommended, as an everyday habit, not to download cybersecurity applications of dubious origin, much less grant them accessibility permission.

Like the coronavirus, BRATA "mutated" into a new variant

It is common to relate the term "virus" to the current pandemic situation, but it is a word also applied to computing. In that sense, BRATA can replicate itself, and as it spreads, it undergoes enhancements that give rise to its variants.

At the beginning of the week, new malicious software bearing the signature of the virus in question was reported. It not only steals the individual's private data but also causes a factory reset and a hard lock of the phone.

The locking or full reset of the phone is a more real possibility with the new BRATA variant

The most threatening thing is that it is not a variant that works alone, but is divided into three subtypes. The cybersecurity community has simply categorized them as A, B, and C, detailing each of their internal functions.

Version A

It is the most widespread in first-world countries such as Spain and other European nations. It adopted a powerful mechanism to "hack" the phone's GPS, allowing it to track the device's location in real time.

It also increases the amount of data leaked, as well as its level of access to the operating system. In a matter of hours, it is capable of rebooting, crashing, or completely "knocking down" the device.

Edition B

It combines its own qualities with those of version A, but is less widely distributed by comparison. In terms of danger, however, it goes further.

It has the peculiarity of "superimposing" fake notifications or activities that appear to come from a bank. If users fall for this fraud, the external server gains remote access to the victim's finances. In short, the banking credentials will be available to whoever operates the malware.

Model C

Model C follows the same standard infection method as the original BRATA. It camouflages itself behind a "miraculous" mobile security interface or application, but in reality it is not what it claims to be.

After being successfully installed, it goes into the background, making it impossible to remove. Once out of the user's view, it runs its built-in routines to steal information and take over the smartphone's accessibility.

How to prevent falling for BRATA malware?

Prevention lies in knowing how to tell genuine applications from fake ones. Before choosing one, look into details such as the history of the company, the distributor and more.

Also, pay special attention to the publication date, comments from other users and its rating. On another note, check that the listing shows real images of the interface it offers.

And finally, think about the permissions granted to downloaded programs. The wider the gateway, the greater the remote access open to potential hacks.
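
The permission check recommended above can be automated. As an added example (not code from this article or from McAfee), the following Python script reads an app manifest that has already been decoded to text XML and lists the Android permissions that gate the behaviours described earlier: screen reading, overlays, GPS tracking and factory reset. The mapping of behaviours to permission names, the review threshold and both sample manifests are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Behaviour from the article -> Android permission that gates it.
# This mapping is the example's own assumption, not taken from the article.
RISKY = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "reads and drives the screen",
    "android.permission.BIND_DEVICE_ADMIN": "can lock or factory-reset the device",
    "android.permission.SYSTEM_ALERT_WINDOW": "draws overlays on top of other apps",
    "android.permission.ACCESS_FINE_LOCATION": "tracks GPS location",
}

def audit_manifest(xml_text):
    """Return {permission: reason} for risky permissions a manifest requests or binds."""
    root = ET.fromstring(xml_text)
    # Permissions the app requests for itself.
    names = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    # Components the system binds as accessibility service or device admin.
    for tag in ("service", "receiver"):
        names += [el.get(ANDROID_NS + "permission") for el in root.iter(tag)]
    return {n: RISKY[n] for n in names if n in RISKY}

def verdict(found, threshold=3):
    """Flag for manual review when several high-impact capabilities are combined."""
    return "review" if len(found) >= threshold else "ok"

# Constructed sample: a self-described "security scanner" asking for far too much.
SAMPLE_SCANNER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.scanner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: a camera app with nothing from the risky set.
SAMPLE_CAMERA = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("scanner", SAMPLE_SCANNER), ("camera", SAMPLE_CAMERA)):
        found = audit_manifest(xml_text)
        print(label, verdict(found), sorted(found))
```

A "review" result is a prompt to look closer, not proof of infection: legitimate apps also use these permissions, but a scanner that combines several of them deserves the scrutiny the article recommends.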