Since late June 2023, cybersecurity researchers at Trend Micro Mobile Application Reputation Service (MARS) have identified a new Android trojan known as MMRat. This trojan has specifically targeted mobile phone users in Southeast Asia, but it has the potential to spread globally.
MMRat is a stealthy trojan that disguises itself as official government or dating apps and gains access to victims’ devices through phishing websites that appear to be official app stores. Once installed, MMRat establishes communication with a remote server and carries out various tasks, including capturing screenshots, remotely controlling devices, monitoring user input, and conducting bank fraud. It remains undetected on VirusTotal.
The trojan collects extensive device and personal data, such as screen and battery data, installed apps, contact lists, and network data. It can also capture screens and carry out bank fraud. MMRat can self-uninstall and remove all traces of its activities. It stands out due to its use of a customized command-and-control protocol that efficiently transfers large amounts of data. MMRat masquerades as official government or dating apps and uses phishing sites to deceive victims.
MMRat abuses Android accessibility service and MediaProjection API to carry out its activities, including collecting device data and personal information, recording screen content, and capturing lock screen patterns. The trojan utilizes the collected information for victim profiling and deletes itself after a successful fraudulent transaction.
To protect against this type of malware, users should only download apps from official sources, carefully review app permissions, and avoid installing apps from unknown sources. It is also recommended to download apps only from official Android stores and consider using Android antivirus apps for additional protection. Google Play Protect can identify and remove malicious apps, but it is crucial to remain vigilant and take proactive measures to safeguard personal information and devices.
The MMRat trojan poses a significant threat to mobile phone users, particularly in Southeast Asia. Its ability to disguise itself as legitimate apps and its sophisticated command-and-control protocol make it difficult to detect and remove. To mitigate the risks, users should exercise caution when downloading apps, stick to official sources, and employ additional security measures such as antivirus apps. As cyber threats continue to evolve, it is essential to stay informed and proactive in protecting personal information and devices.