Copybara Mobile Malware Acts as Banking Trojan to Steal Data

android malware

Copybara is the name of a strain of mobile malware that is believed to belong to the broader family of Brata malware.

Brata consists of the Copybara mobile trojan and the AmexTroll and the actual Brata malware.

Copybara is a mobile trojan targeting Android devices. The malware relies on misusing accessibility services on the Android device to scrape information from the device and commit different fraudulent activities.

Copybara specialized in what is called "on-device fraud", and is, in essence, the abuse of invisible overlays that collect information entered by the user. The malware also has extensive data harvesting capabilities that include accessing and exfiltrating data from contact lists. The Copybara malware can also perform what is called "screenstreaming" - essentially giving attackers a real-time view of what is happening on the device's screen.

Copybara is distributed primarily through smishing and phishing attacks, with fake messages from the victim's bank that include a malicious link and live phone operators working with the hackers, who further guide the victim to deploy the malware.

The Copybara mobile malware has been deployed extensively on devices located in Italy.

October 14, 2022