We are constantly prompted to update mobile applications such as Twitter, Facebook and WhatsApp, but we often don’t verify the authenticity of the updates or of the people who upload them!
A powerful Android remote access tool (RAT) family dubbed RATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for the instant messaging application WhatsApp.
Notably, RATA collects and relays information, especially banking information, to its operators in real time, according to research from Kaspersky (an anti-virus organization).
RATA (Remote Access Tool Android) has been making the rounds on the internet of late. Its most notable feature is the ability to remotely control a smartphone in real time: RATA can not only steal financial credentials and two-factor authentication tokens but also retrieve files, spy on the user’s calls and messages, and more.
To carry out its malicious work, it abuses a known WhatsApp vulnerability (CVE-2019-3568) to infect a target device and then enables a key-logging feature along with real-time streaming functionality. It also uses Android’s Accessibility Service feature to interact with other applications installed on the user’s mobile phone and gain full control of the device.
To function correctly, the malware requires at least Android 5.0 (Lollipop). The cybercriminals behind RATA use several infection vectors, including push notifications on compromised websites, spam messages delivered via WhatsApp or SMS, and sponsored links in Google searches.
Hackers’ Way of Violating Your Privacy and Data Integrity Over the Internet
There may be nothing to stop RATA from expanding, or its campaign from evolving to include an extortion scheme (such as demanding a ransom for private information). RATA’s authors seem particularly interested in mobile banking information; for the moment, RATA is focused on users who do their online banking on their smartphones.
There are many applications like these, and of late the Google Play store has tried as much as possible, as a temporary solution, to update its security techniques and its checks on the authenticity of uploads sent to the store.
The fake WhatsApp applications have been removed from the Google Play store and the developer, “JCLapp,” banned from uploading any further apps. However, the malware is still being distributed in third-party markets and could easily surface in other regional Google Play stores under a different developer alias. Stay alert!
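A defender-side check for the Accessibility Service abuse and the third-party-market distribution described above, as an added example (not code from Kaspersky or from the original article): it reviews the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`. The sample data, the allowlist and the package name `com.example.whatsapp.update` are constructed for illustration.

```python
import re

# Constructed sample data, in the formats printed by
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.whatsapp.update/com.example.whatsapp.update.SyncService"
)
SAMPLE_PACKAGES = """\
package:com.whatsapp  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.whatsapp.update  installer=null
"""

PLAY_STORE = "com.android.vending"
GENUINE_WHATSAPP = {"com.whatsapp", "com.whatsapp.w4b"}
# Assumption: accessibility tools the device owner knowingly enabled.
ALLOWED_A11Y = {"com.google.android.marvin.talkback"}


def parse_installers(pm_output):
    """Map package name -> installer package ('null' when sideloaded)."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return dict(pairs)


def audit(services, pm_output, allowed=ALLOWED_A11Y):
    """Return (package, reasons) for each enabled accessibility service to review."""
    installers = parse_installers(pm_output)
    services = services.strip()
    if services in ("", "null"):  # the setting is unset: nothing is enabled
        return []
    findings = []
    for component in filter(None, services.split(":")):
        pkg = component.split("/", 1)[0]
        if pkg in allowed:
            continue
        reasons = ["accessibility service enabled, not on allowlist"]
        if installers.get(pkg, "unknown") != PLAY_STORE:
            reasons.append("not installed via Google Play")
        if "whatsapp" in pkg.lower() and pkg not in GENUINE_WHATSAPP:
            reasons.append("package name imitates WhatsApp")
        findings.append((pkg, reasons))
    return findings


if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(pkg, "->", "; ".join(reasons))
```

Because most of the fake updates were found in the official Google Play store, the installer check only raises severity; the allowlist comparison is what surfaces a Play-installed app that holds accessibility access.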