Saturday, 11 December 2021 04:49

Dangerous Android scam drains your bank account with just one phone call

Rate this item
(0 votes)

Android device owners now have another scam to watch out for as a dangerous malware campaign spreads to new regions. Cybersecurity experts from Cleafy say that they have seen a spike in Android remote access trojan (RAT) infections over the past year. According to Cleafy, BRATA – a malware first discovered in Brazil – has made its way to Italy. Hackers are using the trojan to steal banking details from Android users and then drain their bank accounts.

New Android scam steals banking information

As the cybersecurity experts explain, this new version of the BRATA malware is difficult to detect.

First, the threat actors send an SMS text message containing a link to a website. The text appears to be from the bank. This is a tactic known as smishing (phishing with SMS). If the victim clicks the link, the site they visit will prompt them to download an anti-spam app. The site also tells the victim a bank operator will contact them soon to discuss the app they’re downloading.

This is where BRATA stands apart from other common Android malware campaigns.

Once you visit the site and offer up your information, you will receive a call from a fraud operator. A real person will then attempt to sway you into downloading the malicious app. They will use a variety of social engineering techniques to convince you they work with the bank. Should you fall for it, you might end up installing an app that hackers can use to control your phone.

What is BRATA capable of doing to your phone?

Here’s what the BRATA malware is capable of doing after infecting your Android device:

Intercept SMS messages and forward them to a C2 server. This feature is used to get 2FA sent by the bank via SMS during the login phase or to confirm money transactions.

Screen recording and casting capabilities that allow the malware to capture any sensitive information displayed on the screen. This includes audio, passwords, payment information, photo, and messages (as shown in Figure 15). Through the Accessibility Service, the malware clicks the “start now” button (of the popup) automatically, so the victim is not able to deny the recording/casting of the owned device.

Remove itself from the compromised device to reduce detection.

Uninstall specific applications (e.g., antivirus).

Hide its own icon app to be less traceable by not advanced users.

Disable Google Play Protect to avoid being flagged by Google as a suspicious app.

Modify the device settings to get more privileges.

Unlock the device if it is locked with a secret pin or pattern.

Show phishing page.

Abuse the accessibility service to read everything that is shown on the screen of the infected device or to simulate taps on the screen. This information is then sent to the C2 server of the attackers.

Are you at risk?

The BRATA Android scam first began making the rounds in Brazil in 2019. Cleafy says that the new mule accounts spreading the trojan are mostly coming from Italy, as well as Lithuania and the Netherlands. So, if you live in the US, this specific campaign probably won’t target you. That said, it’s one more scary threat that you should be aware of if you own an Android device.

 

BGR

November 21, 2024

How small businesses can leverage dark social to drive word-of-mouth marketing

Key Takeaways Dark social refers to sharing online content through private communication channels like email,…
November 21, 2024

Northern leaders say won’t support Tinubu for re-election due to president’s incompetence, bad policies

The Arewa Consultative Forum (ACF) has announced its decision to support northerners running for the…
November 18, 2024

The magic and the minefield of confidence: Self doubt, hubris and everything in between - The Economist

Confidence is contagious. Someone declaring a position with ringing certainty is more likely to inspire…
November 16, 2024

Influencer eats pig feed in extreme attempt to save money

Popular Douyin streamer Kong Yufeng recently sparked controversy in China by eating pig feed on…
November 21, 2024

50 terrorists killed as Boko Haram insurgents ambush security personnel guarding national grid in Niger…

At least 50 Boko Haram fighters were killed on Tuesday and seven members of Nigeria's…
November 21, 2024

What to know after Day 1001 of Russia-Ukraine war

WESTERN PERSPECTIVE US reopens Kyiv embassy after Ukraine firing of ATACMS missiles into Russia prompted…
November 21, 2024

Nigeria comes top in instant payment system inclusivity index in Africa

Nigeria’s instant payment system is projected to advance to the maturity inclusion spectrum ahead of…
October 27, 2024

Nigeria awarded 3-0 win over Libya after airport fiasco

Nigeria have been awarded a 3-0 victory over Libya, and three vital points, from their…

NEWSSCROLL TEAM: 'Sina Kawonise: Publisher/Editor-in-Chief; Prof Wale Are Olaitan: Editorial Consultant; Femi Kawonise: Head, Production & Administration; Afolabi Ajibola: IT Manager;
Contact Us: [email protected] Tel/WhatsApp: +234 811 395 4049

Copyright © 2015 - 2024 NewsScroll. All rights reserved.