Android scam drains bank account by phone call

Scams can take place through email, social media and even phone calls. Recently, Android device owners outside of the United States were warned about a dangerous malware campaign that had spread to new regions.

Cleafy cybersecurity experts said that there had been an increase in Android remote access trojan (RAT) infections throughout 2021. The malware, called BRATA and first discovered in Brazil, has made its way to Italy and other regions, as it is difficult to detect. The hackers behind this campaign use the trojan to steal banking information from Android consumers and then drain their bank accounts.

The scammers behind this malware campaign send an SMS text message that appears to be from a financial institution and contains a website link. Known as smishing, this tactic encourages the victim to click a link that then prompts them to download an anti-spam app onto their mobile device. The site also tells the victim that a bank operator will be in contact with them soon after to discuss the app they download.

BRATA is set apart from other Android malware campaigns because once the consumer visits the site and provides his or her information, they then receive a phone call from a fraud operator. A real person attempts to sway the consumer into downloading a malicious app onto their phone and uses a variety of social engineering techniques to convince the consumer that they work at a certain financial institution. Consumers who have fallen for the scam have given hackers control of their phone through the downloaded app.

Once BRATA malware has infected an Android device, it is capable of the following:

  • Intercept SMS messages and forward them to a C2 server, giving the operators the 2FA codes that the bank sends by SMS for logging in or confirming money transactions.
  • Record and cast the screen, which allows the malware to acquire sensitive information displayed on the screen, including audio, passwords, payment information, photos and messages.
  • Remove itself from the compromised device to reduce the chance of detection, and hide its app so that it is less noticeable to novice users.
  • Uninstall applications such as antivirus apps and disable Google Play Protect to avoid being flagged by Google as a suspicious app.
  • Unlock the device and/or display phishing pages.

This scam first started in Brazil in 2019; however, Cleafy said that the new accounts that spread the trojan have come from Italy, Lithuania and the Netherlands. Although this malware campaign has impacted other countries, United States citizens should be aware of it if they own an Android device.

Continue reading about the scam and the full article from MSN News.