You are here: Home - Household Bills - News -

The Android app that steals your bank details

Written by: Emma Lunn
McAfee has warned that smartphone malware from Brazil could trick Android users into downloading dodgy apps from the Google Play Store.

The malware trojans are known as BRATAs which stands for ‘Brazilian Remote Access Tool Android’, after appearing in South America in 2018 – but they are now sweeping across the world.

The McAfee Mobile Research Team has uncovered several new variants of BRATA being distributed in Google Play, ironically posing as app security scanners.

These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, with the English language version most commonly suggesting Chrome needs an urgent update. Yet instead of updating the app in question, BRATA takes full control of your device by abusing accessibility services.

McAfee says BRATA combines full device control capabilities with the ability to display phishing webpages that steal banking credentials as well as capture screen lock credentials and keystrokes. The trojans can also record the screen of the infected device to monitor a user’s actions without their consent.

McAfee is warning Android users not to click links from untrusted sources, even if that link leads to an app in Google Play. Scammers behind BRATA have managed to publish several apps in Google Play.

How BRATA works

BRATA works by posing as a security app scanner that pretends to scan all the installed apps. At the same time, it secretly checks if any of the target apps provided by a remote server are installed in the user’s device. If that is the case, it will urge the user to install a fake update of a specific app.

Once the user clicks on ‘update now’, BRATA opens the main ‘accessibility’ tab in Android settings and asks the user to manually find the malicious service and grant permissions to use accessibility services. Although Android warns users of the potential risk of proceeding, this notification goes away when the user clicks ‘Ok’.

Smartphone users are later asked to confirm their phone’s PIN – granting scammers access to their phone. Once the malicious app is installed and accessibility permissions have been granted, BRATA can do things such as steal your PIN and password, record your device’s screen, capture keystrokes, hide incoming calls, hide warning messages, and disable Google Play Protect.

How to keep your Android smartphone safe

* Don’t trust an Android application just because it’s available in the official store.

* Consider installing McAfee Mobile Security or similar antivirus software which will alert you if an app is attempting to install or execute malware.

* Don’t click on suspicious links received from text messages or social media, particularly from unknown sources.

* Before installing an app, check the developer information, requested permissions, the number of installations, and the content of the reviews.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Big flu jab price hikes this winter: Where’s cheapest if you can’t get a free vaccine?

Pharmacies, supermarkets and health retailers are starting to offer flu jabs ahead of the winter season, but t...

Is now the time to fix your energy deal?

Fixed energy tariffs all but disappeared during the energy crisis. But now they are back with an increasing nu...

Everything you need to know about the pension triple lock

Retirees are braced to receive another bumper state pension pay rise next year due to the triple lock mechanis...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

The best student bank accounts in 2023: Cash offers, tastecards and 0% overdrafts

A number of banks are luring in new student customers with cold hard cash this year – while others are compe...

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Money Tips of the Week