Article 5VF1B Android malware can factory-reset phones after draining bank accounts

Android malware can factory-reset phones after draining bank accounts

by
Dan Goodin
from Ars Technica - All content on (#5VF1B)
phone-destruction-800x536.jpeg

Enlarge (credit: Getty Images)

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

Covering its malicious tracks

Now Brata is back with a host of new capabilities, the most significant of which is the ability to perform a factory reset on infected devices to erase any trace of the malware after an unauthorized wire transfer has been attempted. Security firm Cleafy Labs, which first reported the kill switch, said other features recently added to Brata include GPS tracking, improved communication with control servers, the ability to continuously monitor victims' bank apps, and the ability to target the accounts of banks located in additional countries. The trojan now works with banks located in Europe, the US, and Latin America.

Read 6 remaining paragraphs | Comments

index?i=SdoijkdYvw0:h9nJhc5ZWeo:V_sGLiPB index?i=SdoijkdYvw0:h9nJhc5ZWeo:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments