BRATA Malware Keeps Evolving
BRATA is the name of a banking malware targeting Android devices. Security researchers with Cleafy have picked apart the newest versions of the malware and are seeing signs that the group behind BRATA is starting to evolve into an advanced persistent threat actor.
BRATA has been around for a number of years, with the first versions spotted in the wild dating back to 2018. What started out as a banking trojan targeting only Brazilian bank customers quickly evolved into a fully-featured banking malware toolkit.
The abbreviation used for the name also comes from those earliest versions, with BRATA standing for "Brazilian Remote Access Tool Android". BRATA has received a number of significant updates over time, adding a large number of new malicious functionality.
The latest variants of the malware have been spotted targeting European bank customers and those strains include new functionality such as new code to obtain permissions to access GPS data, text messages and management. The BRATA.A strain of the malware can also log events on the target device, using a chunk of code that is obtained from the command and control server following infection.
BRATA is currently being used to target one financial institution at a time, according to Cleafy. Once a victim institution bolsters its defenses sufficiently, the malware group moves on to a new victim.