BRATA (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-05 16:36:31 UTC
apk.brata (Back to overview)
BRATA
aka: AmexTroll, Copybara
According to Cleafy, the victim's Android device is factory reset after the attackers siphon money from the
victim's bank account. This distracts users from the crime, while removing traces or footprints that might be of
interest to forensic analysts.
References
2022-10-12 ⋅ ThreatFabric ⋅ ThreatFabric
TOAD attacks: Vishing combined with Android banking malware now targeting Italian banks
BRATA Copybara Joker
2022-08-04 ⋅ ThreatFabric ⋅ ThreatFabric
Brata - a tale of three families
AmexTroll BRATA Copybara
2022-06-17 ⋅ Cleafy ⋅ Alessandro Strino, Francesco Iubatti
BRATA is evolving into an Advanced Persistent Threat
BRATA
2022-01-24 ⋅ Cleafy ⋅ Cleafy
How BRATA is monitoring your bank account
BRATA
2021-12-03 ⋅ Cleafy ⋅ Cleafy
Mobile banking fraud: BRATA strikes again
BRATA
https://malpedia.caad.fkie.fraunhofer.de/details/apk.brata
Page 1 of 2

2021-02-22 ⋅ AdvIntel ⋅ Beatriz Pimenta Klein
Economic Growth, Digital Inclusion, & Specialized Crime: Financial Cyber Fraud in LATAM
BRATA Mekotio Metamorfo Ploutus ATM VictoryGate
2019-08-29 ⋅ Kaspersky Labs ⋅ GReAT
Fully equipped Spying Android RAT from Brazil: BRATA
BRATA
There is no Yara-Signature yet.
Source: https://malpedia.caad.fkie.fraunhofer.de/details/apk.brata
https://malpedia.caad.fkie.fraunhofer.de/details/apk.brata
Page 2 of 2