Warning for millions of Android users as Brazilian malware lands in Europe

Warning for millions of Android users as Brazilian malware lands in Europe

A dangerous piece of malware first identified in Brazil has been reported in Europe.

The rogue software can obtain personal information, such as digital banking information, from victims through a scam voice call.

Android users are at particular risk of the so-called BRATA malware because it can also be delivered through the Google Play Store.

According to reports, the BRATA malware was picked up in Italy over the summer where it flies under the radar of any antivirus software installed on a phone.

That’s because the people who created the malware back in Brazil are now selling it overseas to scammers who want to use it to steal personal information.

The software works in tandem with a phone call to completely compromise a smartphone.

The attack begins with an unsolicited SMS text linking to a malicious website, reports Bleeping Computer.

This text claims to be a message from a bank urging the recipient to download an anti-spam app.

The link leads to a page from where the victim downloads the BRATA malware themselves or takes them to a phishing page to enter their banking credentials.

During that step, the people behind the app call the victim on the phone and pretend to be an employee of the bank, offering help with installing the app.

While on the phone and guiding the victim through the set-up, the scammers grant themselves access to Accessibility services, the option to make and receive calls and view messages as well as screen record via the software.

Researchers at Cleafy looked into the scam and warned Android users to be vigilant.

No bank will ever require a user to install any other app than their official electronic banking app. Furthermore, when installing any kind of app, it is always advisable to check the permissions requested.

Jim Winters, from Barclays, confirmed these steps: ‘Your bank will never call you and ask you to move your money to a ‘safe’ account, make a payment, or hand over cash.’

‘The police won’t either. If your so-called bank or police try to pressure you into making a payment, it’s probably a scam,’ he says.

Source: Read Full Article