Her researchers Kaspersky they discovered a new malicious Android Remote Access Tool (RAT) named BRATA. The hackers hiding behind BRATA trying to infect victims' devices through messages WhatsApp and SMS. The purpose of the hackers is to spy on users Brazil.
The new RAT was discovered by Kaspersky researchers in January.
Hackers use various ways to infect victims' devices. They send different alerts through violated sites, as well as messages via WhatsApp or SMS.
However, according to researchers, most variants of BRATA are presented as a updates of the popular WhatsApp app.
Once downloaded, fake updates take advantage of the vulnerability CVE-2019-3568 of WhatsApp and infect Brazilian users' Android devices.
How does BRATA work?
Once the BRATA RAT has infected the device, it will activate its feature keylogging. In addition, it interacts with other applications installed on the user's device.
Hackers can do many things through BRATA. For example, they can unlock them Appliances victims, steal information about the device, turn off the screen and perform various tasks secretly. At the end, the RAT is removed by itself from the device and eliminates any trace of infection.
RATs are very often used by them hackers this month
The attackers have used many RATs this month. Lots of government and financial services have been hit with Revenge and Orcus Remote Access Trojans.
Last week, hackers used Adwind RAT (also known as jRAT, AlienSpy, JSocket and Sockrat) to attack utilities.
Many services from the Balkans were also attacked by a combination backdoor and RAT, known as BalkanDoor and BalkanRAT.
A few days ago, some researchers discovered a new malware software RAT, called LookBack, was spear-phishing and targeted US corporations.