News Heading

New Android Trojan MMRat Targets Southeast Asia Users to Carry Out Bank Fraud

Reading time: 2 min

A new banking malware dubbed ‘’MMRat’’ was identified controlling devices remotely to exfiltrate data from targeted devices. The stealthy trojan was observed targeting users in Southeast Asia since June 2023.

In a published article Trend Micro disclosed that the malware which continues to avoid detection (on VirusTotal) can capture screenshots and user input. It also utilizes a customized command and control (C2) protocol based on rarely used protocol buffers (Protobuf) to boost performance when transferring large volumes of data.

While the mode of phishing link distribution to victims remains unclear, researchers believe that the malware is being distributed via websites disguised as official app stores.

The attack begins when a victim downloads and installs the dubious apps containing MMRat and grants the necessary permissions. ‘’To avoid suspicion, MMRat often masquerades as an official government or dating app, then presents a phishing website to victims upon being launched,’’ Trend Micro revealed.

On receiving the needed access, the malware starts communicating with the C2 servers to transfer large amounts of data from the victim’s device, including network data, installed apps, contacts, screen and battery data. This information is collected in a timely manner on account of the timer task set up by MMRat.

‘’We believe the goal of the threat actor is to uncover personal information to ensure the victim fits a specific profile. [..] contacts that meet certain geographical criteria or have a specific app installed,’’ the article revealed.

With the Accessibility permission enabled, the malware can modify settings and grant itself additional permissions. Its remote communication ability allows it to notify and grant access to the threat actor to unlock the device and commit bank fraud. It also helps the threat actor capture screenshots ‘’for server-side visualization of the device screen’’.

Post this, the malware has the capability to terminate itself, thereby removing all traces of itself from the system.

According to Trend Micro, the malware’s stealth screen recording and C2 server communication capability, enables the threat actors to live stream video data (device) while committing bank fraud.

The rising Android trojans makes it imperative for device owners to download software from reliable sources and be vigilant in granting accessibility permissions.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...