You discover a new piece of software malicioso on Google plus Play: in this case, a Trojan that violates some habitual aplicaciones.
While we’re still recovering from the latest instance of software malicioso detected on Google plus Play, a There is already a new threat surrounding the Aplicación Store of the Google plus operating system.
His name is FLAGand it is one a Trojan of Brazilian originThis is afín to landing on Android with the aim emulate habitual aplicaciones like WhatsApp, Google plus Google chrome or PDF reader for Gain control of sacrificial devices.
Spain and the United States like two of the countries, along with Brazil, most affected by this threat.
This is how BRATA, the trojan pretending to be habitual aplicaciones, works
BRATA is not a new threat. He is McAfee cybersecurity research experts claim that these first consejos software malicioso They were discovered in 2018 and have come and gone on the Aplicación Store ever since. His name is an acronym for Brazil Android Remote Access Tool.
And that’s exactly what this software malicioso does: try it Take control of Android devices those it infects to steal data, record screen or monitor device usage.
To achieve this, the application embodies famous aplicacioneswhich the users of the infected devices would consider safe.
In this case, the application slipped into Google plus Play disguised as something else Utilitiessome of them accumulate more than 10,000 installations. In the picture below these lines you cánido see them infected aplicaciones found by McAfee.
BRATA infected aplicaciones found on Google plus Play.
When running any of the applications affected by this software malicioso, users were prompted to do so Install a fake update for a specific aplicación. A curious fact about how this aplicación works is that depending on Language in which the device is configured, one or the other application is recommended. Where the cell phone is in Spanish is the application Use whatsapp as baitedand in the case of using English, Google chrome was used.
This is how BRATA, the Brazilian software malicioso lurking in Android, works.
Nevertheless, the alleged download applications are fakeand the download application actually contained software malicioso among other things Capture a screen, editar the clipboard content, hide incoming calls, unlock the device or start activities. They make some too automated actions through misuse of access rights to the system.
McAfee confirms this Google plus has been informed of the threat in October 2020, and the company continued to remove the infected aplicaciones from Google plus Play thereafter. However, Android users are advised to check if any of the affected aplicaciones are installed on their devices and if so, remove them as soon as possible.