Brata Rat Remote Administration Tool

Brata Rat is a new Android remote access tool malware family. We used this code name based on its description. It exclusively targets victims; however, theoretically it could also be used to attack any other Android user.

It has been widespread since January 2022, primarily hosted in the Google Play store, but also found in alternative unofficial Android app stores. For the malware to function correctly, it requires at least Android Lollipop 11.

The first samples we found in the wild date to January and February 2022, and so far over 20 different variants have appeared in the Google Play Store, the majority of which pose as an update to the popular instant messaging application WhatsApp. The CVE-2022-3568 WhatsApp patch is one of the topics abused by the Brata Rat threat actor. Once a victim’s device is infected, Brata Rat enables its keylogging feature, enhancing it with real-time streaming functionality.

It uses Android’s Accessibility Service feature to interact with other applications installed on the user’s device.




| Command | Description |
|---|---|
| Start/Stop Streaming | Capture and send user’s screen output in real-time. |
| Turn Off/Fake Turn Off | Can be used to turn off the screen or give the user the impression that the screen is off while performing actions in the background. |
| Device Information | Retrieves Android system information, the logged-in user and their registered Google accounts, the permissions missing to properly execute the malware, and hardware information. |
| Request Unlock/Unlock Device | Request the user to unlock the device or perform a remote unlock. |
| Start Activity | Launch any application installed with a set of parameters sent via a JSON data file. |
| Send Text | Send a string of text to input data in textboxes. |
| Launch/Uninstall | Launch any particular application or uninstall the malware and remove traces of infection. |

It is worth mentioning that the infamous fake WhatsApp update registered over 10,000 downloads in the official Google Play Store, reaching up to 500 victims per day.

Kaspersky products detect this family as Backdoor.AndroidOS.Brata RAT.

In general, we always recommend carefully reviewing the permissions any app requests on the device. It is also essential to install an excellent, up-to-date anti-malware solution with real-time protection enabled.
