Thursday, March 28, 2024

BRATA – Banking Trojan With Advanced Information-stealing Capabilities

Technology is evolving at a rapid pace and along with it, the threat actor behind the BRATA banking trojan has also improved the malware to release more features that are capable of stealing information.

Cleafy, a digital security company specializing in mobile security, has been tracking BRATA campaigns for the past few months. While the experts at Cleafy have noted changes in the recent campaigns which resulted in the malware staying on the device for longer periods of time.

As part of the update, several new elements have been added to the malware itself, and here they are:- 

  • Added new phishing techniques
  • Added new classes to request extra permissions
  • Dropping a second-stage payload capability from the C2 server

Campaigns Targeted

The operators of BRATA malware primarily target financial institutions and organizations. That’s why the threat actors are actively using the BRATA malware. 

It doesn’t stop there, as it switches from one attack to another when countermeasures render it inefficient at the time. 

Instead of acquiring a list of installed programs and running injections on the C2 from a list of installed apps, BRATA is now preloaded with a single phishing overlay.

This results in a reduction of malicious network traffic and decreases the interactions between the host device and the network.

The latest version of BRATA malware is now capable of sending and receiving SMS messages. Due to its recent release, it comes with a number of new features that make it incredibly easy for attackers to obtain temporary codes from the compromised device and use them for their attacks.

It compromises the following codes that are sent by banks to their customers:-

  • One-time passwords (OTPs)
  • Two-factor Authentication (2FA) codes

Within the device, BRATA fetches a ZIP archive that contains a JAR package that is named “unrar.jar” from the C2 server before nesting into the device.

While the keylogger utility software mainly monitors the events that are generated by apps on the device, and stores the text data along with the timestamps associated with these events locally on the device.

Development of BRATA

In 2019, BRATA was initially introduced in Brazil as a banking Trojan. While being a banking Trojan, it is able to execute several actions like:-

  • Taking screenshots
  • Installing new apps
  • Turning off the screen

First displayed in Europe in June 2021, BRATA made its debut on the continent. Initially, the malware was used to trick victims into giving up access to their devices by using phony anti-spam apps that appeared as part of a fake anti-spam app package. 

In addition, masked support agents manipulated victims into giving them complete control over their devices by pretending to be the regulator.

Again a new version of BRATA appeared in January 2022. This time it has utilized several elements like:-

  • GPS tracking
  • Multiple C2 communication channels
  • Customized versions for different countries’ different banking institutions

Moreover, a factory reset feature was also included in that version, which wiped all data from stolen devices after they had been compromised.

BRATA is evolving at a rate of around two months per annum, which makes sense as it keeps evolving with time. That’s why cybersecurity analysts have strongly recommended users keep their devices up to date, stay alert, and avoid downloading any applications from suspicious sources.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles