Severity
Medium
Analysis Summary
Malicious Android apps have been masquerading as app security scanners on the Google Play Store. These Android apps distribute a backdoor capable of gathering confidential information.
McAfee, a cybersecurity firm, said about the apps, “These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services.”
While the apps target users located in Brazil (the malware was first seen there), Spain, and the U.S., they are accessible to anyone on the Play Store.
- The malware started out with screen recording abilities, and it has now morphed into a banking trojan. The malware can display phishing websites that allow screen capture of credentials (pin codes, passwords, and patterns).
- It can capture keystrokes (keylogger functionality).
- It can screen-record the infected device to monitor the user's actions and activities.
Working
The malware raises a fake alert for specific apps such as Google Chrome, WhatsApp, and PDF readers, prompting the user to install a bogus update. Once the fake update is installed, BRATA requests permissions that give the trojan access to the device's accessibility service. With that access, it can capture and exfiltrate sensitive information such as PINs and passwords from the infected device. It can even display the Play Store.
The trojan's main objective is to disable Play Protect. With Play Protect's routine safety scans no longer running, the malware can operate on the device without being detected.
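Because the abuse described above hinges on the trojan being granted an accessibility service, a defender's first triage step on a suspect device is to list which services hold that access and flag any not on a known-good list. The POSIX shell script below is an added example, not part of the Rewterz advisory: it parses the colon-separated value of Android's `enabled_accessibility_services` secure setting (obtained on a real device with `adb shell settings get secure enabled_accessibility_services`), and the allowlist, the package names and the sample value are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag accessibility services that are
# enabled on an Android device but not on an allowlist of expected packages.
# The setting's format is "package/ServiceClass:package2/ServiceClass2",
# or the literal string "null" when no service is enabled.

# Assumed allowlist, colon-separated; adjust for your own fleet.
# TalkBack (Android's screen reader) is listed as a typical legitimate holder.
ALLOWED_PKGS="com.google.android.marvin.talkback:com.android.talkback"

# flag_unexpected_services RAW_SETTING
# Prints every entry whose package is not allowlisted, one per line.
# Returns 1 if anything unexpected was found, 0 otherwise.
flag_unexpected_services() {
    raw="$1"
    found=0
    [ "$raw" = "null" ] && return 0
    old_ifs="$IFS"; IFS=':'          # split both lists on ':'
    for entry in $raw; do
        pkg="${entry%%/*}"           # package name before the first '/'
        allowed=0
        for ok in $ALLOWED_PKGS; do
            [ "$pkg" = "$ok" ] && allowed=1
        done
        if [ "$allowed" -eq 0 ]; then
            echo "$entry"
            found=1
        fi
    done
    IFS="$old_ifs"
    return $found
}

# Constructed sample (not captured from a real device): TalkBack plus an
# unknown third-party service of the kind a fake-update dropper registers.
SAMPLE_SETTING="com.google.android.marvin.talkback/.TalkBackService:com.example.fakeupdate/.AccessService"

if flag_unexpected_services "$SAMPLE_SETTING"; then
    echo "no unexpected accessibility services"
else
    echo "review the service(s) listed above"
fi
```

On a live device, pipe the `adb shell` output through `tr -d '\r\n'` before passing it to the function, since adb may append a carriage return.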
Impact
- Information theft
- Credential theft
- Exposure of financial and banking data
Remediation
- Be wary of installing Android applications simply because they are available on an app store.
- Download only from trusted websites, and look out for official web pages.
- Do not click on suspicious links received via email or texts.
- Be vigilant when downloading new applications. Analyze the reviews and look for fake reviews. Also, check the vendor information and the permissions requested by the app.