Devious new malware steals your money, then wipes your phone

January 26, 2022

By Kim Komando

Malware has been around for years. While variants come in different levels of severity, they are extremely dangerous when targeting your smartphone.

Unlike Apple’s closed ecosystem, anybody can make an app for Android with few checks and balances. Unfortunately, it also leaves Android users vulnerable to malware, as hackers can easily bury malicious code in an application.

An updated virus is shocking proof of this. Read on to discover how Brazillian malware went from spyware to potentially wiping out your device.

Here’s the backstory

A Remote Access Trojan (RAT) known as BRATA has been around since 2019. At the time, it was used as spyware and exclusively targeted Android users in Brazil. It was able to capture a victim’s screen in real-time.

BRATA initially spread through the Google Play Store as a fake WhatsApp update, with over 10,000 downloads that targeted around 500 users a day. The RAT eventually disappeared.

But almost three years later, it returned as a more harmful variant. It is no longer just a tool for spying. It now goes after banking details and can wipe your Android phone after retrieving sensitive information.

According to Cleafy, the new variant started showing up in December and now targets users in the U.K., Poland, Italy and Latin America. It will only be a matter of time before it arrives in the U.S.

The malware spreads when users install a downloader app onto their Android device. The downloader app (often fake versions of real applications) isn’t infected, so neither the Play Store nor your phone flags it. But the app asks for permissions, and when accepted, it installs malware.

The malware allows criminals to monitor your actions on your device. As soon as you open a banking app, it gets flagged, capturing login details and sending them to the thieves.

With that info, criminals can illegally steal money from your account. But the nightmare doesn’t stop there.

What you can do about it

As if having your banking credentials stolen isn’t scary enough, the updated version of BRATA can also remotely wipe your device. It does this by enabling a killswitch. The point of wiping your device is to cover up their crime and make it more difficult to trace back to the culprits.

Here are some tips for how to stay safe:

• While the primary infection method is through malicious apps, BRATA has also spread through SMS messages. So you should never click a link in an unsolicited text message.
• Only download apps from the official Google Play Store, and check the comments and reviews of an app before installing it.
• Don’t download applications from third-party app stores. They don’t have strict vetting rules like the official app stores, so it’s best to stay away.
• Have antivirus software on all of your devices. We recommend our sponsor, TotalAV. Get the Best Security Suite for 2021 and save an exclusive 80% at TotalAV.com/Kim. That’s just $19 for an entire year of protection.

Keep reading

Using free antivirus? Beware of companies that sell your data or even plant malware

Don’t download this COVID app! It’s spreading malware