Since late June 2023 [2] [5] [8], cybersecurity researchers at Trend Micro Mobile Application Reputation Service (MARS) have identified a new Android trojan known as MMRat. This trojan has specifically targeted mobile phone users in Southeast Asia [5], but it has the potential to spread globally.


MMRat is a stealthy trojan that disguises itself as official government or dating apps and gains access to victims’ devices through phishing websites that appear to be official app stores. Once installed [1] [2] [3] [4] [5] [6] [7] [10], MMRat establishes communication with a remote server and carries out various tasks, including capturing screenshots [3] [5], remotely controlling devices [1] [2] [4] [5] [6] [8] [10], monitoring user input [2] [5], and conducting bank fraud [5]. It remains undetected on VirusTotal [2] [5].

The trojan collects extensive device and personal data [5], such as screen and battery data, installed apps [2] [5] [7], contact lists [5], and network data [5]. It can also capture screens and carry out bank fraud. MMRat can self-uninstall and remove all traces of its activities [5]. It stands out due to its use of a customized command-and-control protocol that efficiently transfers large amounts of data [1] [6]. MMRat masquerades as official government or dating apps and uses phishing sites to deceive victims [1] [2] [6].

MMRat abuses Android accessibility service and MediaProjection API to carry out its activities [1] [4] [6], including collecting device data and personal information [1] [6], recording screen content [1] [6], and capturing lock screen patterns [1] [6]. The trojan utilizes the collected information for victim profiling and deletes itself after a successful fraudulent transaction [6].

To protect against this type of malware, users should only download apps from official sources [1] [6] [9], carefully review app permissions [1] [6], and avoid installing apps from unknown sources [7]. It is also recommended to download apps only from official Android stores and consider using Android antivirus apps for additional protection. Google Play Protect can identify and remove malicious apps [7], but it is crucial to remain vigilant and take proactive measures to safeguard personal information and devices.


The MMRat trojan poses a significant threat to mobile phone users, particularly in Southeast Asia [1] [2] [4] [5] [6] [8] [9] [10]. Its ability to disguise itself as legitimate apps and its sophisticated command-and-control protocol make it difficult to detect and remove. To mitigate the risks, users should exercise caution when downloading apps, stick to official sources [1] [6] [9], and employ additional security measures such as antivirus apps. As cyber threats continue to evolve, it is essential to stay informed and proactive in protecting personal information and devices.