MMRat

Description

(Trend Micro) The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat (detected by TrendMicro as AndroidOS_MMRat.HRX), that has been targeting mobile users in Southeast Asia since late June 2023. The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques, enabling its operators to carry out bank fraud on the victim’s device.

Furthermore, MMRat uses a special customized command-and-control (C&C) protocol based on protocol buffers (aka Protobuf), an open-source data format used for serializing structured data. This feature, which is rarely seen in Android banking trojans, enhances its performance during the transfer of large volumes of data.

Names

Name
MMRat

Category

Malware

Type

• Banking trojan
• Backdoor
• Info stealer
• Credential stealer

Information

• https://www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html
• https://cybersecurity.att.com/blogs/security-essentials/mmrat-a-new-banking-trojan

Other Information

Uuid

cddf5428-abee-4308-8ab6-ac5bb744e312

Last Card Change

2023-10-13