A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information..surged by urging users to update the apps named BRATA (Brazil Remote Access Tool Android)
“It combines full device control capabilities with the ability to display phishing webpages that steal banking credentials in addition to abilities that allow it capture screen lock credentials, capture keystrokes, and record the screen of the infected device to monitor a user’s actions without their consent,” promoting users to install fake app updates for distribute backdoors
By disabling the Play Store app, the idea is also to disable Play Protect, a feature that preemptively runs a safety check on apps before they are downloaded from the app store, and routinely scans Android devices for potentially harmful apps and removes them.
The new versions of BRATA also come equipped with added obfuscation and encryption layers, besides moving most of the core functionality to a remote attacker-controlled server, in turn allowing the attackers to easily update the malware and exploit the devices they were installed on while staying under the radar.
“BRATA is just another example of how powerful the (ab)use of accessibility services is and how, with just a little bit of social engineering and persistence, cybercriminals can trick users into granting this access to a malicious app and basically getting total control of the infected device,” the researchers concluded.