Security experts at Kaspersky have discovered a new Android remote access tool (RAT), tracked as BRATA (the name comes from ‘Brazilian RAT Android’), that was used to spy on Brazilian users. The BRATA RAT was first detected in January while spreading via WhatsApp and SMS messages
““BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to.” reads the analysis from Kaspersky. “It has been widespread since January 2019, primarily hosted
The RAT was delivered through the official Google Play
Most of the tainted apps pose as an update to the popular instant messaging application WhatsApp that would address the CVE-2019-3568 flaw in the instant messaging application. Once the malware has infected the victim’s device, it will start
BRATA supports many commands, such as unlocking the victims’ devices, collecting device information, turning off the device’s screen to surreptitiously run tasks in the background, executing any particular application and uninstall itself and removes any infection traces.
“It is worth mentioning that the infamous fake WhatsApp update registered over 10,000 downloads in the official Google Play Store, reaching up to 500 victims per day.” concludes Kaspersky.
The report includes indicators of compromise (IOCs) for the BRATA RAT malware.