City Sleeps, Awakens to MMrat: Android Devices Infected by Banking Trojan

Company Trend Micro has recently uncovered a new banking Trojan called MMRAT, specifically designed to target Android operating systems. This malicious software utilizes a unique method of data serialization, allowing it to efficiently and swiftly steal confidential information from infected devices.

According to researchers, MMRAT was first observed at the end of June 2023 and is primarily spreading among users in Southeast Asia. Despite its rapid spread, popular antivirus scanners like Virustotal do not currently detect its presence.

The Trojan infects devices when users unwittingly download malicious applications, mistaking them for official state services or dating platforms. During the installation process, the Trojan requests suspicious permissions, such as access to control settings.

If the victim remains unaware, the program gains expanded rights automatically. Through a C2 server, it monitors the activity of the infected device, specifically targeting times when the owner is less likely to be using it.

When the device is unattended, MMRAT has the ability to remotely take control, unlock the screen, and hack into real-time applications, including banking apps.

The main capabilities of this banking Trojan include:

  • Collecting data on network parameters, display, and battery condition.
  • Stealing contacts and a list of installed applications.

/Reports, release notes, official announcements.