Android smartphones are being targeted with a new scam, which can lead to victims having their online banking information stolen if they answer the wrong call. The offending malware behind this threat is called BRATA, and had previously been found in dangerous apps that managed to sneak onto the Google Play Store. The latest version of the malware was discovered by researchers from fraud management firm Cleafy, who said it’s capable of slipping past the vast majority of anti-virus scanners undetected.
It was recently discovered in Italy, after the malware had previously only been found in Brazil. But experts are warning it could spread further into Europe.
The scam begins with a victim being sent an SMS message allegedly from their bank which contains a link to a website. The text tries to convince the recipient to download an alleged anti-spam app.
The victim is also told that they will be contacted by a representative from their bank soon.
If they click on the link in the text message, the Android user will be sent to a phishing page designed to steal sensitive information such as online user credentials or answers to crucial security questions.
After a victim has visited the bogus site, a scammer will call up pretending to be from their bank and try to persuade them to download the malicious ‘anti-spam’ app.
To be installed, the bogus app requires multiple permissions, which let scam artists take control of an infected device, record what’s taking place on screen, access pictures, and send and view messages.
This latter point is crucial as it would let bad actors view any two-factor authentication (2FA) codes a bank sends to a user when they’re trying to access their internet banking account.
This is key to the scammers’ efforts and, if the cyber crooks are successful, could lead to victims being severely out of pocket.
Screen recording, meanwhile, would give hackers the usernames and passwords they need to access internet banking accounts in the first place.
In order to stay safe from such texts, always beware of any unsolicited messages you receive asking you to hand over personal information such as bank details, or usernames and passwords for online accounts.
Also, be cautious of any messages that advise you to download apps you haven’t heard of or click on links that don’t look official.
If you follow this advice and are still unsure whether a message you receive is legitimate or not (and that can be the case as some scams are better disguised than others) then head to your bank’s official website, find a contact number and phone up to speak to an official advisor directly.