Connect with us

Press Release

After taking data, the Android spyware BRATA wipes your smartphone.

Published

on

After taking data, the Android spyware BRATA wipes your smartphone.

The most recent version of the Android malware known as BRATA now includes several new and dangerous features, such as GPS tracking, the ability to use numerous communication channels, and a tool that wipes all evidence of malicious activity from the device by performing a factory reset.

Kaspersky originally identified BRATA as an Android RAT (remote access tool) in 2019 that mostly targeted Brazilian users.

A Cleafy report from December 2021 highlighted the malware’s appearance in Europe, where it was observed to target customers of online banking services and steal their credentials with the help of con artists posing as bank customer support representatives.

Cleafy analysts kept an eye out for new features in BRATA, and in a new research released today, they show how the malware is still evolving.

versions with modifications for various audiences
The most recent iterations of the BRATA malware currently target e-banking users in China, Latin America, the UK, Poland, Italy, and Spain.

With various overlay sets, languages, and even different apps to target particular populations, each version focuses on a different bank.

In all versions, the developers employ comparable obfuscation strategies, such as enclosing the APK file in an encrypted JAR or DEX package.

The VirusTotal scan below shows how effectively this obfuscation avoids antivirus detections.

On that front, before moving on to the data exfiltration process, BRATA now actively looks for indicators of AV presence on the device and tries to erase the discovered security tools.

 

New capabilities
The keylogging functionality, which is a new feature in the most recent BRATA versions, was discovered by Cleafy researchers and adds to the existing screen capturing capabilities.

All new variations also include GPS monitoring, however analysts are unsure of its precise function.

The performing of factory resets, which the actors do in the following circumstances, is the scariest of the new malevolent features.

The fraudulent transaction has been successfully finished after the compromise (i.e. credentials have been exfiltrated).
It has been discovered by the programme that it operates in a virtual environment, perhaps for analysis.
The kill switch used by BRATA is a factory reset, which wipes the device and increases the risk of a victim experiencing an unexpected and permanent loss of data.

Finally, BRATA now supports HTTP and WebSockets and has provided new channels for data exchange with the C2 server.

 

A direct, low-latency route that is perfect for in-the-moment communication and live manual exploitation is provided by the choice of WebSockets for the actors.

Additionally, because WebSockets don’t need to send headers with each connection, less suspicious network traffic is generated, which reduces the likelihood of being discovered.

Basic safety precautions
BRATA is only one of several sneaky RATs and Android banking trojans that target users’ banking credentials that are out there.

Installing apps from the Google Play Store, avoiding APKs from dubious websites, and always scanning them with an AV programme before opening them are the best strategies to prevent being infected by Android malware.

Pay close attention to the permissions that are requested during installation and don’t allow those that don’t seem necessary for the app’s primary functions.

Finally, keep an eye on your battery life and network traffic levels to spot any sudden spikes that can be caused by malicious processes that are running in the background.

Continue Reading

Press Release

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY NUANCE COMMUNICATIONS FOR ABOUT $16 BILLION, OR $56 A SHARE, A 23% OVERPAYMENT TO NUANCE’S FRIDAY CLOSE, According to Sources (BLOOMBERG)

Published

on

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY

Bloomberg:

According to sources, Microsoft is in advanced talks to acquire Nuance Communications, a provider of speech technology, for about $16 billion, or $56 per share, a 23% premium to Nuance’s Friday close. The proposed price would value Nuance at $56 per share. This week could see the announcement of a deal.

Continue Reading

Press Release

Nine widely used WiFi routers had 226 vulnerabilities.

Published

on

Nine widely used WiFi routers had 226 vulnerabilities.

Even when using the most recent firmware, security researchers examined nine widely used WiFi routers and discovered a total of 226 possible vulnerabilities in them.

Millions of people use the tested routers, which are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.

The TP-Link Archer AX6000, which has 32 problems, and the Synology RT-2600ac, which has 30 security flaws, are the two devices with the most vulnerabilities.

The examination process
In partnership with CHIP magazine, researchers at IoT Inspector conducted security tests with a focus on models primarily used by small businesses and residential users.

According to Florian Lukavsky, CTO & Founder at IoT Inspector, “vendors provided them with current models, which were upgraded to the newest firmware version, for Chip’s router review.”

“IoT Inspector automatically examined the firmware versions and searched for more than 5,000 CVEs and other security flaws.”

Although not all defects posed the same risk, the researchers discovered a few widespread issues that impacted the majority of the evaluated models:

The firmware contains an outdated Linux kernel.
stale VPN and multimedia features
over-reliance on BusyBox’s earlier iterations
weak default passwords like “admin” are used
Hardcoded credentials are present in plain text.
Changing the router’s default password when configuring it for the first time is one of the most crucial steps you can take to secure it, according to Jan Wendenburg, CEO of IoT Inspector.

Whether an IoT device is used at home or in a corporate network, changing the password upon first use and turning on automatic updates must be regular procedure, according to Wendenburg.

In addition to manufacturer-introduced vulnerabilities, utilising an IoT device with the adage “plug, play, and forget” poses the greatest risk.

Continue Reading

Press Release

Record: hackers scraped information of 500M LinkedIn customers and published it available online; LinkedIn validates the dataset includes publicly viewable details from its site (Katie Canales/Insider).

Published

on

hackers scraped information

ReporReport: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.t: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.

Continue Reading

Trending