New malware has been discovered on Google Play: in this case, a Trojan posing as popular applications.
While we are still recovering from the last case of malware discovered on Google Play, a new threat has already appeared on the app store of Google's operating system.
Its name is BRATA, and it is a Trojan of Brazilian origin, which seems to have landed on Android with the aim of impersonating popular apps like WhatsApp, Google Chrome or PDF readers to take control of victims' devices.
Spain and the United States appear to be two of the countries, along with Brazil, most affected by this threat.
This is how BRATA works, the Trojan that masquerades as popular apps
BRATA is not a new threat. Cybersecurity researchers at McAfee say that the first traces of this malware were discovered in 2018, and since then it has been appearing on and disappearing from the app store. Its name is the acronym for Brazilian Remote Access Tool Android.
And that is precisely what this malware does: it tries to gain control of the Android devices it infects, in order to steal data, record the screen or monitor the use of the device.
To achieve this, the application poses as well-known apps that users of the infected devices would assume are safe.
In this case, the application has crept into Google Play disguised as different utilities, some of them accumulating more than 10,000 installations. In the image below these lines, you can see the infected apps discovered by McAfee.
When one of the applications carrying this malware was run, users were asked to install a fake update for a specific app. A curious detail of how it works is that the app suggested depends on the language the device is set to. If the phone was set to Spanish, the application used WhatsApp as bait, while if it was set to English, Chrome was used.
In either case, the supposed update is fake, and the downloaded application is actually malware capable of, among other things, taking screenshots, manipulating clipboard content, hiding incoming calls, unlocking the device or launching activities. It also performs some automated actions by abusing the system's accessibility permissions.
McAfee states that Google was informed about the threat in October 2020, and the company subsequently removed the infected apps from Google Play. Still, Android users are advised to check whether any of the affected apps are installed on their devices, and if so, to remove them as soon as possible.