United Kingdom

Warning for Android smartphone users over sophisticated banking trojan

Britons with Android smartphones and tablets have been urged to watch out for fake software updates that could give away passwords, financial information and even let criminals take control of their devices.

Computer security company McAfee warned it had noticed a spate of malware trojans originally from Brazil targeting the Google Play Store and trying to trick users into downloading them.

In Britain, where phones with the Android operating system account for almost half of the market, people have also been told to be on the lookout.

The cybersecurity company McAfee warned of sophisticated banking trojans attacking Android smartphone users 

So-called 'BRATAs', or Brazilian Remote Access Tool Android, originally appeared in the South American country in 2018, according to McAfee, and became widespread from January 2019.

Now spreading elsewhere, these RATs pose as security apps which tell their users they need to update their software, whether that is a search engine like Google Chrome, a messaging app like WhatsApp or even a PDF viewer.

However, rather than updating these apps, they install malicious software, malware, which allows criminals to take control of devices.

According to McAfee, these trojans can display phishing websites which are used to harvest financial details which can be used to steal money or commit identity theft; and can directly capture lock screen details like a password or keystrokes through keylogging software. They can even introduce screen recording software.

The company said it had found at least five malicious apps in the Google Play store, where Android users can download everything from Candy Crush to TikTok, which were capable of such actions.

Most were downloaded between 1,000 and 5,000 times, but one had as many as 10,000 downloads.

The trojans originally targeted Brazilians and other Portuguese speakers but have now been seen targeting Spanish and English speakers in the United States too

Of the ones McAfee said it had found, the first was discovered in May and the latest last October, all of which had been removed by Google from its store. 

They all posed as security software, calling themselves names like 'PrivacyTitan' and 'SecureShield'.

While they initially targeted Brazilians or other Portuguese speakers with Android phones, these malicious apps have become more widespread.

McAfee found at least 5 of these apps in the Google Play store last year

'Depending on the language configured in the device, the malware suggested that one of the following three apps needed an urgent update: WhatsApp (Spanish), a non-existent PDF Reader (Portuguese) and Chrome (English).'

Although McAfee had not suggested these apps had become widespread in the UK, Britons living through a fraud epidemic which has stolen hundreds of millions of pounds during the pandemic were urged to be on their guard.

Impersonators throughout the coronavirus pandemic have posed as legitimate financial firms, parcel delivery companies, and even the NHS and the Government, using cheap number-spoofing software.

These apps can allow criminals to take complete control of devices as well as steal financial information

As a result, this could simply be the latest step. Ray Walsh, from the company ProPrivacy, said news of the spread of the 'sophisticated' trojan meant it was 'vital' those in the UK were warned they could be infected.

He said: 'By accepting and agreeing to accessibility services, the user installs a sophisticated banking trojan that gives the hacker full remote control over their device.

'The exploit works by taking full control of the infected device, allowing the hackers to display phishing webpages that steal the victim's banking credentials, capture their screen lock passcode, and perform keylogging to steal other sensitive credentials and passwords.'


Walsh added: 'It is vital that users are extremely wary of any apps they install, and that they do not accept updates for their apps outside of the official Play Store, which will automatically update and patch their apps when needed. 

'Always be wary of any apps that prompt you to update existing apps for security purposes, and never accept accessibility services.

'Always check an app's reputation before installing it and stick to well-recognized apps, even if you are sourcing them on Google Play.'

Football news:

Griezmann spoke with Hamilton and visited the Mercedes boxes at the Spanish Grand Prix
Barcelona feels that Neymar used it. He said that he wanted to return, but extended his contract with PSG (RAC1)
Aubameyang to the Arsenal fans: We wanted to give you something good. I am sorry that we could not
Atletico did not lose at the Camp Nou. Busquets' injury is the turning point of the match (and the championship race?)
Verratti injured his knee ligaments in PSG training. Participation in the Euro is still in question
Neymar's contract in one picture. Mbappe wants the same one
Manchester United would like to sign Bellingham in the summer, not Sancho. Borussia do not intend to sell Jude