What is BRATA Android Malware and How Has it Evolved?

The BRATA Android malware is quickly becoming an Advanced Persistent Threat (APT). Here's what you need to know about this dangerous Android malware.

What is BRATA?

BRATA, which stands for Brazilian Remote Access Tool for Android, has been around since 2019 and has progressed from spyware into banking malware. It is best known for hiding its tracks, and it has gained many new capabilities that improve its ability to phish online-banking passwords by targeting the login sites of online banks.

It can easily steal money from your bank account without leaving a trail. The threat actors responsible for this malicious software have upgraded it with new capabilities. When it first appeared in 2019, it posed as an antivirus app or other security software for Android users in order to acquire credentials fraudulently.

BRATA attackers target one financial institution at a time, shifting their attention to another only when the victim starts taking standard precautions against the infection. They step back from the spotlight to find a new target and devise a new infection technique. 

A New BRATA Android Malware

A new BRATA Android malware has surfaced in recent months. Security researchers found the latest version masquerading as a specific bank application in the EU, with significant internal changes, such as a new phishing technique that imitates the target bank's login page and the acquisition of GPS and device management permissions. This new version may let hostile actors obtain the two-factor authentication (2FA) credentials and physical location information required to access bank accounts.

The malware can now also sideload code from its command-and-control (C2) server to perform event logging on compromised devices.

How Does BRATA Android Malware Attack Your System?

BRATA is a financial Trojan that acquires access to your bank, withdraws cash, and then wipes your phone clean with a factory reset to conceal its actions.

The attack starts with an SMS (smishing) message containing a link to a malicious website. The SMS spoofs the target bank and attempts to fool customers into installing a program that would 'help improve their security,' such as an anti-spam app. The link leads unsuspecting customers to a phishing website resembling the bank's login page, which collects credentials for further social engineering.

To infect the device, the fraud operator calls the victim and convinces them to download the infected software. Unsuspecting victims provide the fraudsters with their personal information.

During installation, the malicious app assumes complete control of the smartphone by gaining access to accessibility services, SMS permissions, and recording/casting modules. The attackers then have everything they need to conduct fraudulent bank transactions, including the ability to evade two-factor authentication (2FA) controls.

The software's initial features were screen capture, app installation, and turning off the screen to make the device seem switched off. The BRATA Android malware has since launched attacks across Europe, targeting customers of Spanish and British banks in 2021.
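The access described above (accessibility services, SMS, recording/casting) and the GPS and device management permissions mentioned earlier all have to be declared in an app's manifest, which gives defenders something to triage. The Python sketch below is an added example, not code from the original article or any vendor tool: it scans a decoded AndroidManifest.xml for those declarations. The capability grouping, the `needs_review` rule and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability groups the article attributes to BRATA, mapped to the manifest
# declarations that grant them (the grouping is this example's assumption).
USES_PERMISSION = {
    "sms": {P + "RECEIVE_SMS", P + "READ_SMS", P + "SEND_SMS"},
    "gps": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
}
COMPONENT_BINDING = {
    P + "BIND_ACCESSIBILITY_SERVICE": "accessibility",
    P + "BIND_DEVICE_ADMIN": "device_admin",
}

def capabilities(manifest_xml):
    """Return the capability groups a decoded AndroidManifest.xml declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    for group, perms in USES_PERMISSION.items():
        if requested & perms:
            found.add(group)
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            binding = comp.get(ANDROID + "permission")
            if binding in COMPONENT_BINDING:
                found.add(COMPONENT_BINDING[binding])
            if "mediaProjection" in (comp.get(ANDROID + "foregroundServiceType") or ""):
                found.add("screen_capture")
    return found

def needs_review(found):
    """Flag the pairing the article describes: accessibility control plus SMS access."""
    return {"accessibility", "sms"} <= found

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Cast" android:foregroundServiceType="mediaProjection"/>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(sorted(capabilities(SAMPLE)), needs_review(capabilities(SAMPLE)))
```

A hit means only that the app warrants manual review, since legitimate accessibility and device-management apps declare some of the same permissions.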

Hackers may use phishing sites and the ability to receive and read the victim's SMS to access the victim's bank account. 

Conclusion

BRATA first appeared as a banking malware in Brazil in 2019 and has been transforming into an APT by adding newer capabilities. Staying alert is not always enough to defend your devices against the BRATA Android malware, and other Trojan software, as elaborate social engineering methods may fool even tech-savvy users. The best way to protect your devices and data is by using a reliable mobile security solution that can detect and block such threats.
