Press Release
After stealing data, the Android spyware BRATA wipes your smartphone.
The most recent version of the Android malware known as BRATA now includes several new and dangerous features, such as GPS tracking, the ability to use numerous communication channels, and a tool that wipes all evidence of malicious activity from the device by performing a factory reset.
Kaspersky originally identified BRATA as an Android RAT (remote access tool) in 2019 that mostly targeted Brazilian users.
A Cleafy report from December 2021 highlighted the malware’s appearance in Europe, where it was observed to target customers of online banking services and steal their credentials with the help of con artists posing as bank customer support representatives.
Cleafy analysts kept watching for new features in BRATA, and in new research released today they show how the malware is still evolving.
Versions tailored to different audiences
The most recent iterations of the BRATA malware currently target e-banking users in China, Latin America, the UK, Poland, Italy, and Spain.
With various overlay sets, languages, and even different apps to target particular populations, each version focuses on a different bank.
In all versions, the developers employ comparable obfuscation strategies, such as enclosing the APK file in an encrypted JAR or DEX package.
The VirusTotal scan below shows how effectively this obfuscation avoids antivirus detections.
In addition, before moving on to data exfiltration, BRATA now actively looks for indicators of AV presence on the device and tries to remove any security tools it finds.
New capabilities
Cleafy researchers found that the most recent BRATA versions add keylogging functionality on top of the existing screen-capture capabilities.
All new variants also include GPS tracking, though analysts are unsure of its precise purpose.
The most alarming of the new malicious features is the factory reset, which the actors trigger in the following circumstances:
the fraudulent transaction has been successfully completed after the compromise (i.e. credentials have been exfiltrated); or
the malware has detected that it is running in a virtual environment, possibly for analysis.
The kill switch used by BRATA is a factory reset, which wipes the device and increases the risk of a victim experiencing an unexpected and permanent loss of data.
Finally, BRATA now supports HTTP and WebSockets and has provided new channels for data exchange with the C2 server.
The choice of WebSockets gives the actors a direct, low-latency channel that is well suited to real-time communication and live manual exploitation.
Additionally, because WebSockets do not need to send headers with each exchange, they generate less suspicious network traffic, which reduces the likelihood of being discovered.
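A defender reading the section above will want to know what a WebSocket C2 channel looks like in their own telemetry. The following Python snippet is an added example, not code from the Cleafy report or from BRATA: it scans proxy log lines for completed WebSocket upgrade handshakes (HTTP 101 with an Upgrade: websocket header) and flags those that go to a raw IP address or to a host outside an allowlist. The log format, the allowlist, and the sample lines are all constructed for this example.

```python
"""Flag WebSocket upgrade handshakes to unexpected hosts in proxy logs (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample lines in a simplified proxy-log format (not real traffic):
# <timestamp> <client> <method> <url> <status> "<request headers>"
SAMPLE_LOG = """\
2022-06-16T09:12:01Z 10.0.0.17 GET https://chat.example.com/socket 101 "Upgrade: websocket; Connection: Upgrade; Sec-WebSocket-Version: 13"
2022-06-16T09:12:05Z 10.0.0.17 GET https://www.example.com/index.html 200 "Accept: text/html"
2022-06-16T09:13:44Z 10.0.0.23 GET http://203.0.113.45:8080/ws 101 "Upgrade: websocket; Connection: Upgrade; Sec-WebSocket-Version: 13"
2022-06-16T09:14:02Z 10.0.0.23 POST http://203.0.113.45:8080/upload 200 "Content-Type: application/octet-stream"
2022-06-16T09:15:10Z 10.0.0.31 GET wss://updates.unknown-cdn.invalid/stream 101 "Upgrade: websocket; Connection: Upgrade"
"""

# Hypothetical allowlist of hosts where WebSocket traffic is expected in this environment.
ALLOWED_WS_HOSTS = {"chat.example.com"}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<headers>[^"]*)"$'
)


@dataclass
class Finding:
    timestamp: str
    client: str
    host: str
    reason: str


def parse_headers(raw: str) -> dict:
    """Turn 'Name: value; Name2: value2' into a lower-cased dict."""
    headers = {}
    for part in raw.split(";"):
        if ":" in part:
            name, value = part.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def is_websocket_upgrade(headers: dict, status: int) -> bool:
    """A completed handshake is an Upgrade: websocket request answered with 101."""
    return headers.get("upgrade", "").lower() == "websocket" and status == 101


def classify_host(host: str):
    """Return a reason string if the WebSocket peer looks suspicious, else None."""
    try:
        ipaddress.ip_address(host)
        return "websocket to raw IP address (no DNS name)"
    except ValueError:
        pass
    if host in ALLOWED_WS_HOSTS:
        return None
    return "websocket to host outside allowlist"


def find_suspicious_websockets(log_text: str) -> list:
    """Parse each log line and collect suspicious WebSocket handshakes."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the expected format
        headers = parse_headers(match["headers"])
        if not is_websocket_upgrade(headers, int(match["status"])):
            continue
        host = urlsplit(match["url"]).hostname or ""
        reason = classify_host(host)
        if reason:
            findings.append(Finding(match["ts"], match["client"], host, reason))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_websockets(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} -> {f.host}: {f.reason}")
```

The check keys on the 101 status together with the Upgrade header because the handshake is the one moment a WebSocket channel is visible as ordinary HTTP; after that, as the article notes, the traffic carries no per-message headers, so a proxy or NDR sensor that only inspects HTTP request lines will not see the later exchanges.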
Basic safety precautions
BRATA is only one of several stealthy RATs and Android banking trojans out there that target users' banking credentials.
Installing apps from the Google Play Store, avoiding APKs from dubious websites, and always scanning them with an AV programme before opening them are the best strategies to prevent being infected by Android malware.
Pay close attention to the permissions that are requested during installation and don’t allow those that don’t seem necessary for the app’s primary functions.
Finally, keep an eye on your battery life and network traffic levels to spot any sudden spikes that can be caused by malicious processes that are running in the background.
Press Release
Angry IT administrator destroys employer’s databases; sentenced to 7 years in prison
Han Bing, a former database manager for Lianjia, a major Chinese real estate agency, was given a 7-year prison term for breaking into company computers and erasing data.
Bing is accused of carrying out the act in June 2018, when he reportedly accessed the company's finance system using his administrator rights and "root" account and deleted all previously saved data from two database servers and two application servers.
Large parts of Lianjia's operations were immediately crippled as a result, leaving tens of thousands of workers without pay for an extended period and necessitating a data restoration effort that cost about $30,000.
However, because Lianjia has thousands of offices, employs over 120,000 brokers, owns 51 companies, and has an estimated $6 billion market value, the indirect costs from the firm’s economic disruption were significantly more detrimental.
Examination of the staff
Han Bing was one of the five primary suspects in the data deletion incident, according to records made public by the court of the People's Procuratorate of Haidian District, Beijing.
When the administrator refused to reveal his laptop password to the company’s inspectors, suspicions were quickly aroused.
Chinese media outlets who reprinted portions of the disclosed documents explain that “Han Bing stated that his computer had confidential data and the password could only be handed to official authorities, or would only accept entering it personally and being present during the checks.”
As the investigators testified in court, the checks were carried out solely to evaluate the reaction of the five employees who had access to the system, since they knew that such an operation would not leave any records on the laptops.
Finally, the experts were able to pinpoint the activity to particular internal IPs and MAC addresses after retrieving access records from the servers. The inspectors even collected WiFi network logs and timestamps, which they afterwards compared against CCTV footage to validate their suspicions.
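The correlation the investigators describe (server access records, DHCP/WiFi logs, and timestamps) is routine enough to script. The Python below is an added example and not the investigators' own tooling: it attributes each server access record to a device by finding the DHCP lease that was active for the source IP at that moment, then the WiFi association that was current for that MAC. The three logs, their formats, hostnames, and addresses are all constructed for the example; the one edge case it handles deliberately is an IP that is later re-leased to a different MAC, where naive IP-to-MAC matching would blame the wrong device.

```python
"""Attribute server access records to a device via DHCP and WiFi logs (added example)."""
import re
from datetime import datetime, timedelta

# All three logs below are constructed for this example (not real data).
ACCESS_LOG = """\
2018-06-04 22:14:03 host=finance-db-01 user=root src=10.20.5.41 event=ssh-login
2018-06-04 22:31:47 host=finance-db-02 user=root src=10.20.5.41 event=ssh-login
2018-06-05 09:02:11 host=finance-db-01 user=root src=10.20.5.41 event=ssh-login
"""
DHCP_LOG = """\
2018-06-04 21:50:12 DHCPACK ip=10.20.5.41 mac=aa:bb:cc:dd:ee:01 lease=3600
2018-06-04 22:45:30 DHCPACK ip=10.20.5.41 mac=aa:bb:cc:dd:ee:01 lease=3600
2018-06-05 08:58:40 DHCPACK ip=10.20.5.41 mac=aa:bb:cc:dd:ee:02 lease=3600
"""
WIFI_LOG = """\
2018-06-04 21:49:58 assoc mac=aa:bb:cc:dd:ee:01 ap=floor3-ap2
2018-06-04 23:10:02 disassoc mac=aa:bb:cc:dd:ee:01 ap=floor3-ap2
2018-06-05 08:58:31 assoc mac=aa:bb:cc:dd:ee:02 ap=floor1-ap1
"""

TS = "%Y-%m-%d %H:%M:%S"
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(text: str) -> list:
    """Parse 'timestamp tag key=value ...' lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        fields = dict(KV_RE.findall(line))
        fields["time"] = datetime.strptime(line[:19], TS)
        fields["tag"] = line[20:].split()[0]  # DHCPACK / assoc / disassoc / host=...
        events.append(fields)
    return events


def lease_for(ip: str, when: datetime, leases: list):
    """Return the DHCP lease active for `ip` at `when`, or None.

    Only the most recent ACK for that IP before `when` counts, and only if it
    has not yet expired; this is what prevents blaming a device that held the
    address earlier or later in the day.
    """
    active = None
    for lease in sorted(leases, key=lambda l: l["time"]):
        if lease["ip"] != ip or lease["time"] > when:
            continue
        expires = lease["time"] + timedelta(seconds=int(lease["lease"]))
        active = lease if when < expires else None
    return active


def last_association(mac: str, when: datetime, wifi: list):
    """Most recent association for `mac` before `when` not cancelled by a disassoc."""
    state = None
    for ev in sorted(wifi, key=lambda e: e["time"]):
        if ev["mac"] != mac or ev["time"] > when:
            continue
        state = ev if ev["tag"] == "assoc" else None
    return state


def attribute(access: list, dhcp: list, wifi: list) -> list:
    """For each access record, resolve src IP -> MAC -> access point at that time."""
    results = []
    for ev in access:
        lease = lease_for(ev["src"], ev["time"], dhcp)
        mac = lease["mac"] if lease else None
        assoc = last_association(mac, ev["time"], wifi) if mac else None
        results.append({
            "time": ev["time"].strftime(TS),
            "host": ev["host"],
            "src": ev["src"],
            "mac": mac,
            "ap": assoc["ap"] if assoc else None,
        })
    return results


if __name__ == "__main__":
    for r in attribute(parse(ACCESS_LOG), parse(DHCP_LOG), parse(WIFI_LOG)):
        print(r)
```

The access point and timestamp in each result are what an investigator would then line up against badge records or CCTV, as the article describes; the script deliberately stops at the device, since everything past that point is physical evidence rather than log data.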
The forensic expert hired by the company concluded that Bing had wiped the databases using the "shred" and "rm" commands. rm only removes the links to the files (their directory entries), whereas shred overwrites the data three times with different patterns to make it unrecoverable.
Unhappy employee?
Unexpectedly, Bing had regularly warned his employer and superiors about security flaws in the finance system, even emailing other administrators to express his concerns.
He was, however, largely ignored, and the departmental administrators never approved the security project he wanted to oversee.
This was supported by the testimony of the director of ethics at Lianjia, who told the court that Han Bing frequently argued with his superiors because he believed his organisational suggestions weren’t valued.
A similar incident occurred in September 2021 when a former employee of a credit union in New York deleted approximately 21.3GB of records in a 40-minute rampage as retaliation for her managers terminating her.
Press Release
Zuckerberg says Facebook is working with Spotify on a music integration project codenamed Project Boombox (Salvador Rodriguez/CNBC)
Salvador Rodriguez / CNBC:
Zuckerberg says Facebook is working with Spotify on a music integration project codenamed Project Boombox. Facebook CEO Mark Zuckerberg on Monday announced that the company is building audio features where users can engage in real-time conversations with others.
Press Release
Wearable device shipments for 2020 grew 28.4% to 444.7M units globally, led by Apple which grew 27.2% in Q4 and has 36.2% marketshare, followed by Xiaomi at ~9% — Worldwide shipments of wearable devices reached 153.5 million in the fourth quarter of 2020 (4Q20), a year-over-year increase …