New Android MMRat malware uses Protobuf protocol to steal your data
A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.
The performance would hinder threat actors from executing bank fraud effectively, which is why MMRat's authors have opted to develop a custom Protobuf protocol for data exfiltration.
MMRat uses a unique command and control (C2) server protocol based on protocol buffers for efficient data transfer, which is uncommon among Android trojans.
MMRat uses different ports and protocols for exchanging data with the C2: HTTP on port 8080 for data exfiltration, RTSP on port 8554 for video streaming, and a custom Protobuf protocol on port 8887 for command and control.
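For defenders, the port split described above suggests a simple network hunt: look for a device that reaches the same remote host on more than one of the three reported ports. The following is an added example, not code from the original article or from the researchers; the flow-log format, the sample records and the function names are constructed for illustration, and only the port numbers come from this page.

```python
from collections import defaultdict

# Port-to-role mapping as reported on this page for MMRat's C2 channels.
MMRAT_PORTS = {8080: "HTTP exfiltration", 8554: "RTSP video streaming", 8887: "Protobuf C2"}

# Constructed sample flow records (assumed format): "timestamp src dst dst_port proto"
SAMPLE_FLOWS = """\
2023-08-30T10:00:01Z 10.0.0.21 203.0.113.7 8887 tcp
2023-08-30T10:00:05Z 10.0.0.21 203.0.113.7 8080 tcp
2023-08-30T10:02:40Z 10.0.0.21 203.0.113.7 8554 tcp
2023-08-30T10:03:00Z 10.0.0.34 198.51.100.9 8080 tcp
2023-08-30T10:03:10Z 10.0.0.34 198.51.100.20 8554 tcp
2023-08-30T10:04:00Z 10.0.0.55 192.0.2.44 443 tcp
garbage line here
2023-08-30T10:05:00Z 10.0.0.1 10.0.0.2 http tcp
2023-08-30T10:06:00Z 10.0.0.60 192.0.2.80 8887 tcp
2023-08-30T10:06:30Z 10.0.0.60 192.0.2.80 8080 tcp
"""

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])

def find_mmrat_like_pairs(text, min_ports=2):
    """Return {(src, dst): sorted ports} for pairs where one device reached
    one remote host on at least min_ports of the reported ports."""
    seen = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port in MMRAT_PORTS:
            seen[(src, dst)].add(port)
    return {pair: sorted(ports) for pair, ports in seen.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    for (src, dst), ports in find_mmrat_like_pairs(SAMPLE_FLOWS).items():
        roles = ", ".join(f"{p} ({MMRAT_PORTS[p]})" for p in ports)
        print(f"{src} -> {dst}: {roles}")
```

Each of these ports is also used by legitimate software, so a single hit means little; the combination toward one destination is what makes a pair worth triaging.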
In conclusion, MMRat shows the evolving sophistication of Android banking trojans, adeptly blending stealth with efficient data extraction.