Do not install the app if an app is requesting too many permissions unrelated to its functionality.The most professional and beautiful fake call and fake SMS application in Android Market! Get out the trouble, give yourself a fake-call id! Secondly, no bank ever suggests installing any app other than the official e-banking app, which is found on the Play Store/App Store and linked to from the bank’s official website.įinally, whenever you install an app, pay attention to the type of permission requested and consider its relevance to the app’s functionality. That’s a simple checking method to confirm the validity of incoming messages.
If you try to open the link contained in the SMS on a PC or laptop, the website won’t be viewable. Stay safeĪs this is a mobile campaign, desktop users are excluded from infections to narrow the targeting scope to prospective victims. The mule accounts used as intermediary points in this campaign are based in Italy, Lithuania, and the Netherlands. The actors abuse these permissions to access the victim’s bank account, retrieve the 2FA code, and eventually perform fraudulent transactions. This information is then sent to the C2 server of the attackers.
The full list of BRATA’s capabilities includes: The app requires multiple permissions to enable the actor to take full control of the compromised device, including the Accessibility services, view and send SMS, make phone calls, and perform screen recording.
In the second wave, the actors also expanded their targeting scope, raising the targeted financial institutes from one to three. These high detection rates led to a second wave using a new variant with extremely low detection rates in mid-October. That first wave failed in AV detection, having a 50% stealthiness rate in Virus Total. Most of the malicious apps were called “Sicurezza Dispositivo” (Device Security) and were promoted as anti-spam tools. The Italian campaign was first spotted in June 2021, delivering multiple Android apps through SMS phishing, otherwise known as smishing. The variant currently in circulation is new, and according to a report by researchers at Cleafy, it can pass undetected by the vast majority of AV scanners.īRATA was previously seen in Brazil, delivered via apps on the Google Play Store, but it appears that its authors are now selling it to foreign operators, which is not unusual in this field. The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials.