Security News > 2023 > August > MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature

A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud.

"The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques, enabling its operators to carry out bank fraud on the victim's device," Trend Micro said.

What makes MMRat stand apart from others of its kind is the use of a customized command-and-control protocol based on protocol buffers to efficiently transfer large volumes of data from compromised handsets, demonstrating the growing sophistication of Android malware.

Once installed, the app leans heavily on Android accessibility service and MediaProjection API, both of which have been leveraged by another Android financial trojan called SpyNote, to carry out its activities.

Some of the other features of MMRat encompass recording real-time screen content and capturing the lock screen pattern so as to allow the threat actor to remotely gain access to the victim's device when it is locked and not actively in use.

"The MMRat malware abuses the Accessibility service to remotely control the victim's device, performing actions such as gestures, unlocking screens, and inputting text, among others," Trend Micro said.

News URL

https://thehackernews.com/2023/08/mmrat-android-trojan-executes-remote.html