The operators behind BRATA have once again added more capabilities to the Android malware in an attempt to make their attacks against financial applications stealthier.
“In fact, this operating model matches the Advanced Persistent Threat (APT) operating model,” Italy’s Cleafy said in a report last week. “The term is used to describe an attack campaign in which criminals establish a permanent presence on a target network to steal sensitive information.”
An acronym for “Brazil Remote Access Tool Android,” BRATA was first discovered in the wild in Brazil in late 2018, before making its first appearance in Europe last April, when it was seen posing as rogue antivirus software and other common productivity tools to trick users into downloading it.
The change in attack pattern, which rose to a new high in early April 2022, involves tailoring the malware to attack one specific financial institution at a time, shifting to another bank only after the victim begins to take countermeasures against the threat.
Also built into the rogue apps are new features that allow them to impersonate a financial institution’s login page to collect credentials, access SMS messages, and fetch a second-stage payload (“unrar.jar”) from the remote server to log events on the compromised device.
“The combination of the phishing site with the victim’s ability to receive and read SMS can be used to perform a complete account takeover (ATO) attack,” the researchers said.
Cleafy also said it found a separate Android app sample (“SMSAppSicura.apk”) that uses the same command-and-control (C2) infrastructure as BRATA to siphon SMS messages, suggesting that the threat actors are experimenting with different methods of scaling their reach.
The SMS-stealing app is said to be aimed specifically at users in the UK, Italy, and Spain, its goal being to intercept and filter all incoming messages related to one-time passwords sent by banks.
“The first malware campaigns are spread through fake anti-virus software or other popular applications, while in the campaigns the malware is performing an APT attack targeting customers of a specific Italian bank,” the researchers said.
“They often focus on delivering targeted malicious apps to a specific bank for a few months, and then move on to another.”