A new scam targets Android phones by making them more susceptible to malware through a phone call.
The scam starts with an unsolicited SMS text that directs users to a malicious website. The SMS pretends to be a bank message advising the recipient to download an anti-spam program.
The link takes the user to a website where they can install the BRATA malware manually, or to a phishing page where they can enter their bank information.
During this phase, the attackers call their target and pretend to be bank employees, offering assistance with downloading the app.
To let the attacker take complete control of the compromised device, the installed Android malware requests numerous rights. These include access to the Accessibility services and the ability to see and send SMS, make phone calls and record screen activity.
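A defender-side triage check for the combination of rights described above, as an added example that is not from the article or from Cleafy: it reads a decoded AndroidManifest.xml and reports which of these rights the app declares. The mapping of each right to a manifest entry, the function names, the threshold and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the rights named in the article to manifest entries.
SMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
       "android.permission.SEND_SMS"}
CALL = {"android.permission.CALL_PHONE"}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def risky_rights(manifest_xml):
    """Return which of the article-listed rights a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    found = set()
    if perms & SMS:
        found.add("sms")
    if perms & CALL:
        found.add("calls")
    for svc in root.iter("service"):
        # An accessibility service is guarded by BIND_ACCESSIBILITY_SERVICE.
        if svc.get(ANDROID + "permission") == A11Y_BIND:
            found.add("accessibility")
        # Screen capture services declare the mediaProjection foreground type.
        if "mediaProjection" in (svc.get(ANDROID + "foregroundServiceType") or ""):
            found.add("screen_recording")
    return found

def is_suspicious(manifest_xml, threshold=3):
    """Flag apps that pair accessibility with at least two of the other rights."""
    found = risky_rights(manifest_xml)
    return "accessibility" in found and len(found) >= threshold

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.antispam">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Capture" android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(sorted(risky_rights(SAMPLE)), is_suspicious(SAMPLE))
```

The manifest inside an APK is stored in a binary form, so it has to be decoded to text XML (for example with apktool) before this check can read it.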
A study by Cleafy points out that this Android malware is now widely circulated and can go unnoticed by the majority of AV scanners.
Cleafy says, “What makes Android RAT so interesting for attackers is its capability to operate directly on the victim devices instead of using a new device. By doing so, Threat Actors (TAs) can drastically reduce the possibility of being flagged “as suspicious”, since the device’s fingerprinting is already known to the bank.”
The Cleafy researchers also highlight the main indicators to explain the attack chain used by these TAs:
- The malware campaign targets mainly one of the biggest Italian retail banks as well as other minor banks. However, we don’t exclude that other local TAs might be using the same attack vector (BRATA) to carry over other malicious activities in other countries.
- Smishing and phishing attacks are used to distribute malicious apps and credentials harvesting.
- A new version of the BRATA malware is used to infect the device of the victims.
- A combination of both social engineering techniques and the complete control of the infected device is used by TAs to perform fraudulent transactions.
Additionally, Cleafy says that the malware may be able to uninstall certain programs, specifically antivirus apps, and that it can turn off Google Play Protect to avoid being marked as a suspicious app.
It can also unlock the device by itself even if it is protected by a secret PIN or pattern, and it can modify the device’s settings.
To avoid these scams, users are advised not to open links sent via SMS. Users should also not install apps that are suggested via call, and lastly, to pay attention to the
Stay updated for more news here at the East County Gazette.