This cruel Android malware wipes phones after stealing money

The BRATA Android remote access trojan began life as spyware, was later upgraded to a banking trojan, and can now perform a device factory reset, according to new research.

Victims of Android malware are often advised to perform a factory reset after cleaning up an infection, but BRATA now does the reset for another reason: in order to wipe any evidence after conducting an illicit wire transfer from the victim’s online bank account.

BRATA, or “Brazilian RAT Android”, was named by Kaspersky researchers in 2019 because it exclusively targeted Android users in Brazil. Since then, it has broadened its reach to bank brands in the US and Spain, according to McAfee.

Security firm Cleafy analyzed three new BRATA variants, and its researchers reckon BRATA’s authors are using the factory reset to keep victims from discovering an unauthorized wire transfer attempt. This blocks victims from reporting and stopping a fraudulent transaction.

The factory reset acts as a kill switch that is executed after a successful illicit wire transfer or when the malware detects analysis by installed security software.

“It appears that [threat actors] are leveraging this feature to erase any

Read More: https://www.zdnet.com/article/this-cruel-android-malware-wipes-phones-after-stealing-money/#ftag=RSSbaffb68