The Android app that steals your bank details

Written by: Emma Lunn

McAfee has warned that smartphone malware from Brazil could trick Android users into downloading dodgy apps from the Google Play Store.

The trojans are known as BRATA, which stands for ‘Brazilian Remote Access Tool Android’. They first appeared in South America in 2018 but are now sweeping across the world.

The McAfee Mobile Research Team has uncovered several new variants of BRATA being distributed in Google Play, ironically posing as app security scanners.

These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, with the English language version most commonly suggesting Chrome needs an urgent update. Yet instead of updating the app in question, BRATA takes full control of your device by abusing accessibility services.

McAfee says BRATA combines full device control capabilities with the ability to display phishing webpages that steal banking credentials as well as capture screen lock credentials and keystrokes. The trojans can also record the screen of the infected device to monitor a user’s actions without their consent.

McAfee is warning Android users not to click links from untrusted sources, even if that link leads to an app in Google Play. Scammers behind BRATA have managed to publish several apps in Google Play.

How BRATA works

BRATA works by posing as an app security scanner that pretends to scan all the installed apps. At the same time, it secretly checks whether any of the target apps on a list provided by a remote server are installed on the user’s device. If one is, it urges the user to install a fake update for that specific app.

Once the user clicks on ‘update now’, BRATA opens the main ‘accessibility’ tab in Android settings and asks the user to manually find the malicious service and grant permissions to use accessibility services. Although Android warns users of the potential risk of proceeding, this notification goes away when the user clicks ‘Ok’.

Smartphone users are later asked to confirm their phone’s PIN – granting scammers access to their phone. Once the malicious app is installed and accessibility permissions have been granted, BRATA can do things such as steal your PIN and password, record your device’s screen, capture keystrokes, hide incoming calls, hide warning messages, and disable Google Play Protect.
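Because everything BRATA does depends on the user enabling its accessibility service, one practical check is to list which apps currently hold that permission. The script below is an added example, not part of the original article or McAfee's report: it parses the value returned by `adb shell settings get secure enabled_accessibility_services` and prints any package that is not on an allowlist. The allowlist contents and the sample value are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit which apps hold an enabled accessibility service on an Android device.
# Live use (needs adb and USB debugging enabled on the phone):
#   audit_a11y "$(adb shell settings get secure enabled_accessibility_services)"

# Assumption: packages you knowingly granted accessibility access to.
# Space-separated; edit for your own device.
ALLOWLIST="com.google.android.marvin.talkback"

# Constructed sample value: TalkBack plus a hypothetical fake "scanner" app.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.securityscan/.UpdateService"

# Print the package name of every enabled accessibility service that is not
# allowlisted, one per line. Argument: the colon-separated setting value,
# where each entry has the form "package/ServiceClass".
audit_a11y() {
    # adb output may carry a carriage return; strip it.
    value=$(printf '%s' "$1" | tr -d '\r')
    # "null" or an empty value means no accessibility service is enabled.
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r component; do
        if [ -z "$component" ]; then
            continue
        fi
        pkg=${component%%/*}      # keep only the package part
        case " $ALLOWLIST " in
            *" $pkg "*) ;;        # expected service, ignore
            *) printf '%s\n' "$pkg" ;;
        esac
    done | sort -u
}

# Demo on the constructed sample.
audit_a11y "$SAMPLE"
```

Any package this prints that you do not recognise should be reviewed under Settings > Accessibility and its service switched off before the app is uninstalled.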

How to keep your Android smartphone safe

* Don’t trust an Android application just because it’s available in the official store.

* Consider installing McAfee Mobile Security or similar antivirus software which will alert you if an app is attempting to install or execute malware.

* Don’t click on suspicious links received from text messages or social media, particularly from unknown sources.

* Before installing an app, check the developer information, requested permissions, the number of installations, and the content of the reviews.