New malware sold on Telegram can access your cell phone resources | TC Detective


It is nothing new that messengers and social networks are often used to commit crimes, without the platforms being held responsible for the illicit content published and disseminated on them.

This time, new malware was discovered being sold through Telegram, and the content has not been taken down. Detective TechSmart had access to information about it and shares the details now.

What is the Brata RAT?

Brata RAT (RAT stands for Remote Access Trojan) is malware that operates on mobile phones. It is capable of infiltrating smartphones running the Android and iOS operating systems in order to spy on infected devices.

According to the national cybersecurity firm ISH Technology, this attack has been gaining strength in recent days and was created especially to infect devices in Europe, despite the developer claiming not to be European.

The virus is distributed through the opening of malicious files, usually delivered via links sent to mobile devices, fake games and “applications to circumvent games”. Sales take place on Telegram, through a direct channel with the developer of the malicious tool.

The specialized company that discovered the activity added that the owners of the Brata RAT system have even announced a fifth version of the malware. In other words, they keep updating their malware to make fewer mistakes and offer more features to the cybercriminals who want it.

“With each new update of this malware, fewer mistakes are made by the developers and more tools are made available – so it becomes very difficult to recover and protect your data once your electronic device is infected. It is of paramount importance that users maintain security principles and recommendations with their mobile devices, using only official stores to download applications, constantly updating the software so that the attacker does not take advantage of old system flaws and using strong and different passwords so that, once infected, there is time to repair the damage, and always checking the number of permissions that the application may require from the device.”

Caique Barqueta

ISH Malware Analyst

What are your dangers?

ISH Technology performed tests on systems infected by the malware and discovered which areas it is able to affect on the victim’s cell phone. According to the results, the attacker can monitor resources such as the screen, camera and microphone in real time.

In addition, the app would have the potential to create custom files, with the name of the client, app, package, version and icon, which would make it even more difficult to discover the existence of the virus on the device.

“Even though it is still only in the V4 update of this Trojan, the application sold has the potential to create extremely customized files, with the client name, app name, package name, app version, icon and other possibilities being added. This means that, for a certain amount of money, everyone can become an invader, as it is only necessary to command the Brata RAT application.”

Caique Barqueta

The attack works by asking the victim to grant a series of permissions on their smartphone, such as access to the camera and microphone, during the installation of the “disguised” Trojan from an APK file.

Once the deceived individual grants them, the cybercriminal on the other side gains access to screen control, phone numbers, camera, download permissions and account passwords.

Sale by Telegram

Detective TC found information about the sale of the malware on Telegram. When searching for the malware, we noticed that it is very easy to find channels that talk about the Trojan, and they always point to one specific channel, the developer’s, where the details of the virus and its updates are disclosed.

The channel – with the suggestive name of @nocrimer and which currently has more than 1,000 subscribers – was created on January 31st and, since then, has been advertising the “product” offered.

The developer initially charges US$2,000 for sending the source code of the Brata RAT, which allows the buyer to customize his own version of the virus, or US$1,000 for the private version.

With each update, the account owner not only notifies his subscribers, but also reveals what’s new. In one case, on April 21, he even stated that a tutorial had been added on how to make the APK installation file “more undetectable”.

Some videos showing the Brata RAT in action are also posted on the Telegram channel. Other posts show the contact between an interested party and the developer, who says he only sends the malware download after proof of payment has been sent.

How to protect yourself?

After all, how can you protect yourself from attacks like the one sold on Telegram? Among the main recommendations is that of downloading applications only through the official stores of the Android and iOS systems – Google Play and the App Store, respectively.

In addition, it is important to keep your cell phone always up to date, so that the attacker does not exploit old software flaws when trying to illegally control your smartphone.

Another tip is to use strong and different passwords. That way, if you get infected, you’ll have more time and ease to remedy the possible damage.

Finally, it is always worth checking the number of permissions that each application requests on your device, so as not to grant more access than a given tool needs to work, and being suspicious of those that ask for more than they should.
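One way to carry out this permission check on an Android phone, as an added example that is not part of the original article or of ISH's analysis: the script parses the output of `adb shell pm list packages -i -3` and `adb shell dumpsys package <name>` and flags apps that did not come from Google Play yet hold several of the capabilities listed above. The sample output, the package names, the permission-to-capability mapping and the threshold are assumptions of this example.

```python
import re

# Installers treated as an official store (assumption of this example).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Android runtime permissions mapped to capabilities the article lists
# (the mapping is this example's assumption, not taken from the ISH report).
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "phone numbers",
    "android.permission.READ_PHONE_NUMBERS": "phone numbers",
}

def parse_installers(pm_output):
    """Parse `pm list packages -i -3` lines into {package: installer or None}."""
    result = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def granted_sensitive(dumpsys_output):
    """Return the sensitive capabilities marked granted=true in dumpsys text."""
    pattern = r"^\s*(android\.permission\.[A-Z0-9_]+): granted=true"
    names = re.findall(pattern, dumpsys_output, re.M)
    return {SENSITIVE[n] for n in names if n in SENSITIVE}

def audit(pm_output, dumpsys_by_pkg, threshold=2):
    """Flag apps from untrusted installers holding >= threshold capabilities."""
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # installed from the official store
        caps = granted_sensitive(dumpsys_by_pkg.get(pkg, ""))
        if len(caps) >= threshold:
            findings[pkg] = sorted(caps)
    return findings

# Constructed sample output (not captured from a real device).
PM_SAMPLE = """package:com.example.notes  installer=com.android.vending
package:com.example.gamecheat  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
GRANT = "      android.permission.{}: granted=true, flags=[ USER_SET ]\n"
DUMPSYS_SAMPLE = {
    "com.example.notes": GRANT.format("CAMERA") + GRANT.format("RECORD_AUDIO"),
    "com.example.gamecheat": "".join(
        GRANT.format(p) for p in ("CAMERA", "RECORD_AUDIO", "READ_CONTACTS")),
    "com.example.flashlight": GRANT.format("CAMERA"),
}
```

A flagged app is not necessarily malicious; the result is a shortlist of sideloaded apps whose granted permissions deserve a manual look.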

Official answer

This column contacted Telegram’s press office through the channel dedicated to communications with journalists within the messenger itself. However, as of the time of publication, there has still been no response.

The space remains open for the social network to comment on the open presence of this type of content on the platform, as well as on what measures it will take to prevent the app from being used to commit more cybercrimes.

In your opinion, what measures could be taken so that crimes like this are not openly committed? Join us!