2021-12-10

It all starts with an SMS. A classic, and anyone with a little computer experience can spot a suspicious message easily enough. But smartphones are in the hands of billions of people, many of whom are somewhat at the mercy of their devices and lack the tools to recognize a danger.
And that is how you can end up with some unpleasant news on your bank account. The BRATA malware, according to researchers at Cleafy who have traced its spread and reconstructed how it works (more technical details at the link in SOURCE), has now also landed in Italy. It is therefore worth warning the less experienced users among the people we know of the possible danger.
But what is it about, in detail? As mentioned, the attack begins with an SMS that pretends to come from a bank and contains the inevitable link to a website. If the victim falls for it and clicks the link, a page appears asking them to download an alleged “anti-spam app”, adding that a bank assistant will call to discuss the details of the matter.
What sets this apart from other similar frauds is that, at this point, the call really does arrive to convince the user to take the last step. It is an extra touch that mimics the validation procedures of genuine services and apps on smartphones, creating a dangerous “reality effect”.
If the user does not see through the scam and, having been ensnared, decides to go ahead with installing the app, then the trouble begins. And only in this case: for scams of this type to succeed, the naive complicity of the victims is needed, as always.
Once the app is installed, BRATA has free rein to do its job, gaining enormous control over the phone. It intercepts incoming SMS and forwards them to a C2 server (SMS being the channel banks use to send the one-time code for two-factor authentication at login or to confirm money transfers); it records the screen and transmits the content to the attackers, who can thus easily harvest sensitive information; it uninstalls applications that get in its way, such as antivirus; it disables Google Play Protect so that it is not flagged as a suspicious app; and it changes device settings to secure every privilege it needs, which also lets it unlock the device when authentication relies on a PIN or a swipe pattern.
And if needed, BRATA also has a “self-destruct button”: it can cover its tracks by removing itself from the device that hosts it, reducing the chances of being detected. In short, a threat in every respect: the amount of information it manages to collect, and the depth it manages to reach, turn the malware into a lock pick for the victims’ bank accounts, with the criminals at that point able to authorize payments while bypassing the protection of two-factor authentication.
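The capabilities described above (reading SMS, driving or recording the screen, taking device-admin control, removing other apps) all have to be declared in an Android app's manifest before the system will grant them. The script below is an added example, not code from the article or from Cleafy's research: it parses a constructed AndroidManifest.xml for a sideloaded "anti-spam" app and flags that combination of capabilities. The permission names are real Android constants; the sample manifests, the risk weights and the verdict thresholds are constructed for illustration and would need tuning before real use.

```python
"""Triage check for the permissions a sideloaded Android app declares.

Added example (not part of the original article). Parses a constructed
AndroidManifest.xml and flags the capability profile the article attributes
to BRATA. Permission names are real Android constants; the manifests,
weights and thresholds are constructed assumptions.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"          # android:name
PERM_ATTR = f"{{{ANDROID_NS}}}permission"    # android:permission on components

# Capability -> (permissions that grant it, constructed risk weight).
CAPABILITIES: dict[str, tuple[set[str], int]] = {
    "sms_interception": ({"android.permission.RECEIVE_SMS",
                          "android.permission.READ_SMS"}, 3),
    "overlay_or_screen_control": ({"android.permission.SYSTEM_ALERT_WINDOW",
                                   "android.permission.BIND_ACCESSIBILITY_SERVICE"}, 3),
    "device_admin": ({"android.permission.BIND_DEVICE_ADMIN"}, 2),
    "package_removal": ({"android.permission.REQUEST_DELETE_PACKAGES"}, 2),
    "network": ({"android.permission.INTERNET"}, 0),
}

# Constructed manifest resembling what a fake "anti-spam" banking trojan declares.
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.antispam">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
  <application android:label="AntiSpam">
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

# Constructed manifest for a harmless app that only needs network access.
BENIGN_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> set[str]:
    """Collect <uses-permission> names plus BIND_* permissions on components.

    BIND_ACCESSIBILITY_SERVICE and BIND_DEVICE_ADMIN are not requested with
    <uses-permission>; they appear as android:permission on the service or
    receiver they protect, so both places are scanned.
    """
    root = ET.fromstring(manifest_xml)
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    perms |= {el.get(PERM_ATTR) for el in root.iter() if el.get(PERM_ATTR)}
    return {p for p in perms if p}


def triage(manifest_xml: str) -> dict:
    """Score the manifest against the constructed capability table."""
    perms = declared_permissions(manifest_xml)
    hits = {cap for cap, (needed, _) in CAPABILITIES.items() if perms & needed}
    score = sum(w for cap, (_, w) in CAPABILITIES.items() if cap in hits)
    # Constructed thresholds: SMS access alone is "medium"; SMS access combined
    # with UI control and package removal reaches "high".
    verdict = "high" if score >= 7 else "medium" if score >= 3 else "low"
    return {"permissions": sorted(perms), "capabilities": sorted(hits),
            "score": score, "verdict": verdict}


if __name__ == "__main__":
    for label, manifest in (("antispam", SAMPLE_MANIFEST), ("weather", BENIGN_MANIFEST)):
        result = triage(manifest)
        print(f"{label}: {result['verdict']} (score {result['score']}) "
              f"capabilities={result['capabilities']}")
```

The point of the check is the combination rather than any single permission: an SMS app legitimately reads messages and an accessibility tool legitimately binds the accessibility service, but an app that calls itself "anti-spam" and asks for SMS access, screen overlay or accessibility control, device-admin rights and the ability to remove other packages matches the profile described above and deserves a closer look before it is allowed to stay on the device.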