A common misconception is that only Windows, macOS, and Linux computers need cyber security in 2022. Android and iOS malware exists, and its presence in the Western world is increasing each day. Today we'll be looking into the ‘BRATA’ remote access trojan (more commonly known as a ‘RAT’), how it can get onto your Android devices, and what you can do to protect yourself.
What is it?
Originally discovered in 2019, BRATA got its name because it was used to specifically target users in Brazil, to steal and gain remote access to devices (it could theoretically infect any vulnerable Android device, but at the time, it was mainly Brazilian users who were being targeted). Because of this, the cyber security company Kaspersky – who initially discovered, researched, and documented it – called it the ‘Brazilian RAT Android,’ or ‘BRATA’ for short.
How does it infect users' devices?
Typically, BRATA is delivered by phishing campaigns, which trick users into downloading fake 'security scanning' apps. The app ‘scans’ the device for ‘vulnerabilities’ and tells the user that they need to ‘Update Now’, with the image of an installed application above it. It then prompts for the "Assistance Service" permission (the name used on some Android operating systems), which grants the application almost full control over the OS. It should be noted that these applications were also hosted on the official Google Play Store, and bypassed the checks carried out by the store’s anti-malware tool, Google Play Protect.
What can it do?
Once BRATA is installed and given the correct permissions, it runs in the background and is able to do all of the following:
- Manipulate incoming call visibility
- Steal lock screen credentials
- Execute actions
- Stop/start a keylogger
- Stop/start an application or activity
- Manipulate the user interface to post messages on screens
- Record and take screen captures
- Manipulate the clipboard
- Schedule activities
To ensure it’s not found and remains on the victim’s device, BRATA takes multiple actions to stay under the radar. For example, BRATA can hide permission warning messages. It can simulate confirmation prompt acceptance, and also disables the Google Play Store, which in turn disables Google Play Protect.
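Two of the behaviours described above, an unfamiliar app holding the "Assistance Service" permission and a disabled Google Play Store, can be checked from the output of two standard adb commands. The script below is an added example, not code from the original article or from Kaspersky's research; it assumes the "Assistance Service" is Android's accessibility service, and the sample output, the `com.example.*` package names and the allowlist are constructed for illustration.

```python
# Added example: flags two BRATA-style indicators in captured adb output.
# Assumption: the article's "Assistance Service" is Android's accessibility service.
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.securityscan/.ScanService"  # hypothetical fake "scanner" app
)
# Constructed sample of: adb shell pm list packages -d   (disabled packages)
SAMPLE_DISABLED = "package:com.example.bloatware\npackage:com.android.vending\n"
# Packages the device owner knowingly granted accessibility access to (assumed).
ALLOWLIST = {"com.google.android.marvin.talkback"}


def parse_accessibility(raw):
    """Return package names from the colon-separated 'package/class' list."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset or empty: no services enabled
        return []
    return [comp.partition("/")[0] for comp in raw.split(":") if comp]


def parse_disabled(raw):
    """Return the set of package names from 'package:<name>' lines."""
    return {
        line.split(":", 1)[1].strip()
        for line in raw.splitlines()
        if line.startswith("package:")
    }


def audit(accessibility_raw, disabled_raw, allowlist):
    """List (indicator, package) findings worth a manual look."""
    findings = [
        ("unexpected_accessibility_service", pkg)
        for pkg in parse_accessibility(accessibility_raw)
        if pkg not in allowlist
    ]
    if PLAY_STORE in parse_disabled(disabled_raw):
        findings.append(("play_store_disabled", PLAY_STORE))
    return findings


if __name__ == "__main__":
    for indicator, package in audit(SAMPLE_ACCESSIBILITY, SAMPLE_DISABLED, ALLOWLIST):
        print(f"{indicator}: {package}")
```

A finding is a prompt for manual review, not proof of infection: legitimate password managers and screen readers also use accessibility services, so the allowlist should reflect what the device owner actually installed.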
Why should you care?
The first iteration of the BRATA campaigns was in Portuguese, but since 2019 it has been observed in English and other languages, meaning that you may be targeted wherever you are in the world. Furthermore, phishing campaigns are becoming more sophisticated as time progresses, and it’s becoming more difficult for those who aren’t security specialists to differentiate between a genuine entity and a phishing attempt.
With the increase in sophistication, it’s easier to fall victim to identity theft, credential theft or general data theft, which harms both the individual and their affiliated organisations.
How can you protect yourself?
There are many ways to protect yourself. Firstly, keeping up with relevant stories such as this one and keeping yourself aware of the current threats will help you to know what to look out for when it comes to email spoofing, malicious code hidden in attachments, and links within emails hosting malicious entities. Furthermore, try not to click on any suspicious and malicious links (especially when they come from unknown sources), and don't trust an Android application just because it's hosted on the official app store, without doing any research into the application’s publisher.
If you haven't already heard of our partners over at Lookout, they utilise security telemetry from more than one hundred million analysed applications. Lookout is able to offer expert protection without any more action needed from the user. Lookout Phishing Protection is also able to block the connection to harmful links, and stop cyber attacks before they’ve even begun.
We also recommend looking into Lookout’s Mobile Endpoint Security protection, which offers users a large selection of mobile endpoint security both in and outside of an organisation. It includes Phishing Protection, Application and Device Vulnerability Scanning, and Incident investigation, to give you and your data the security that it needs. This, combined with the solutions that we offer at CSA, means that we can offer full cyber security services for all devices – something especially important with the increased use of mobile devices nowadays, thanks to the recent shift to remote working.
BRATA is just one of many trojans and RATs that you need to watch out for when doing business online – and even when you’re not doing business, you shouldn’t let your guard down. Even if you know exactly what to look out for, the developers of these kinds of malware are always adapting them and adding new features to try and expand their reach. At Cyber Security Associates, we offer mobile endpoint protection on all of your devices, from smartphones and tablets to laptops and Chromebooks. If you want to know more, or learn how we can help safeguard your connected devices, head to our website – or you can get in touch with our team of experts for advice.