In our previous article “Mobile banking fraud: BRATA strikes again” we’ve described how threat actors (TAs) leverage the Android banking trojan BRATA to perpetrate fraud via unauthorized wire transfers.
In this article, we are presenting further insights, on how BRATA is evolving in terms of both new targets and new features, such as:
- Capability to perform the device factory reset: it appears that TAs are leveraging this feature to erase any trace, right after an unauthorized wire transfer attempt.
- GPS tracking capability
- Capability to use multiple communication channels (HTTP and TCP) between the device and the C2 server to keep a persistent connection.
- Capability to continuously monitor the victim’s bank application through VNC and keylogging techniques.