First there was Brangelina, TomKat and Bennifer and now Kaspersky has presented the world with BRATA, or Brazilian RAT Android.

BRATA is not a power celebrity couple, but is a relatively new Android remote access tool family that, at least so far, has exclusively targeted Brazilians using Android 5.0 or higher, according to Kaspersky’s GReAT team. GReAT has found it hosted primarily in the Google Play store, and to a lesser extent on third-party Android outlets, with more than 20 variants having come to light so far.

The malicious actors behind BRATA are using a specific lure to attract initial downloads with the malware posing as an update to WhatsApp to patch CVE-2019-3568, a buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution. However, instead of patching that issue the malware has a real-time keylogging feature. Additionally, it uses Android’s Accessibility Service feature to interact with other applications installed on the user’s device.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.