The RAT targets users via fake WhatsApp updates in Google Play.
A powerful Android remote access tool (RAT) family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for the instant messaging application WhatsApp.
Notably, BRATA collects and relays information — especially banking information — in real time to its operators, according to research from Kaspersky.
“The ability to remote control a smartphone in real time [is the most notable thing about BRATA],” said Santiago Pontiroli, security researcher for Kaspersky Latin America, speaking to Threatpost. “BRATA is not only able to steal financial credentials and two-factor authentication tokens but also is able to retrieve files, spy on the user’s calls and messages and more.”