British Android users warned over fake software updates

Posted by Alex Morrison April 15, 2021
McAfee

According to McAfee, ‘BRATAs’ originally appeared in Brazil in 2018 and became widespread from January 2019

Britons with Android smartphones and tablets have been urged to watch out for fake software updates that could give away passwords, financial information and even let criminals take control of their devices.

Computer security company McAfee warned it had noticed a spate of malware trojans originally from Brazil targeting the Google Play Store and trying to trick users into downloading them.

In Britain, where phones with the Android operating system account for almost half of the market, people have also been told to be on the lookout.

So-called ‘BRATAs’, or Brazilian Remote Access Tool Android, originally appeared in the South American country in 2018, according to McAfee, and became widespread from January 2019.

Now spreading elsewhere, these RATs pose as security apps which tell their users they need to update their software, whether that is a search engine like Google Chrome, a messaging app like WhatsApp or even a PDF viewer.

However, rather than updating these apps, they install malicious software, malware, which allows criminals to take control of devices.

According to McAfee, these trojans can display phishing websites which are used to harvest financial details which can be used to steal money or commit identity theft; and can directly capture lock screen details like a password or keystrokes through keylogging software. They can even introduce screen recording software.

The company said it had found at least five malicious apps in the Google Play store, where Android users can download everything from Candy Crush to TikTok, which were capable of such actions.

Most were downloaded between 1,000 and 5,000 times, but one had as many as 10,000 downloads.

Of the ones McAfee said it had found, the first was discovered in May and the latest last October, all of which had been removed by Google from its store.

They all posed as security software, calling themselves names like ‘PrivacyTitan’ and ‘SecureShield’.

While they initially targeted Brazilians or other Portuguese speakers with Android phones, these malicious apps have become more widespread.

In June we noticed that threat actors behind BRATA started to add support to other languages like Spanish and English, McAfee said in a blog post published on Monday.

Depending on the language configured in the device, the malware suggested that one of the following three apps needed an urgent update: WhatsApp (Spanish), a non-existent PDF Reader (Portuguese) and Chrome (English).’

Although McAfee had not suggested these apps had become widespread in the UK, Britons living through a fraud epidemic which has stolen hundreds of millions of pounds during the pandemic were urged to be on their guard.

Impersonators throughout the coronavirus pandemic have posed as legitimate financial firms, parcel delivery companies, and even the NHS and the Government, using cheap number-spoofing software.

Disclaimer: The opinions expressed by our writers are their own and do not represent the views of Scommerce. The information provided on Scommerce is intended for informational purposes only. Scommerce is not liable for any financial losses incurred. Conduct your own research by contacting financial experts before making any investment decisions.

scommerce

Welcome! Get free access to EVERYTHING we publish…

Whether you are an investor, tech enthusiast, or entrepreneur we have something for you. You'll get our FREE weekly newsletter with latest news and information along with special offers. Please take time to read our privacy policy. The information you provide us will be processed in accordance with this.