Malicious Android apps have been masquerading as app security scanners on the Google Playstore. The android apps distribute a backdoor capable of gathering confidential information.
McAfee, a cybersecurity firm, said about the apps, “These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services.”
While the apps target users located in Brazil (considering the malware was introduced from Brazil), Spain, and the U.S., the apps are accessible by anyone on the play store.
A backdoor alert is created of specific apps like Google Chrome, Whatsapp, and PDF readers, and users are prompted to install fake updates. Once the fake updates are installed, BRATA requests for permissions that enable the trojan to access the device’s accessibility service. Then the infected device can capture and reveal sensitive information like PINs and passwords. It can even display the Play Store.
The main objective of the trojan is to disable Play Protect. By doing so, the malware can roam the device without detection as the routine safety runs by Play Protect are not taking place.