New MMRAT Android Malware Runs Sneaky Campaigns

Another threat to Android users has emerged online, underscoring the need to install apps from legitimate sources only. Researchers have spotted a new Android malware, “MMRAT,” that targets devices via fake app stores.

MMRAT Android Malware Spreads Via Fake App Stores

In a detailed post, researchers from Trend Micro described a new Android malware, “MMRAT,” that has been actively running malicious campaigns this year, and urged Android users to remain vigilant.

In brief, the threat actors target Android users via phishing websites that pose as app stores and deliver the malware, detected as “AndroidOS_MMRat.HRX,” to the target devices.

Upon reaching the device, the malware asks the victim for the permissions it needs to access various device components. It also connects to its C&C server to transmit the data collected from the device.

MMRAT serves as a potent remote access trojan, giving the attackers unrestricted access to the victim’s device. The malware can then perform various spying activities, including keylogging, screen recording, and gathering data such as contacts, installed apps, and network details, and can even perform bank fraud. It abuses the device’s Android Accessibility service and MediaProjection API to execute these tasks.

Once the intended actions are completed, the malware quietly uninstalls itself, leaving behind no traces. That is how it has managed to stay under the radar despite running active campaigns.

The malware has been active since June 2023 and mainly targets Android users in Southeast Asia. The campaign patterns also indicate that the threat actors behind it specifically aim at a particular user group.

Given the stealthy execution of this malware, the researchers advise all Android users to stay careful about their devices’ security. First, users must avoid downloading apps from, or interacting with, app stores other than the official sources. Second, users must remain cautious when granting permissions to an app, especially if the app asks for seemingly unnecessary access. In addition, users must equip their devices with robust antimalware programs to repel known malware attacks.
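The permission advice above can be turned into a simple triage check for analysts or MDM teams reviewing a sideloaded APK. The following is an added example, not code from the original article or from Trend Micro: it scans a decoded `AndroidManifest.xml` for the two capabilities the article names (an Accessibility service and a MediaProjection screen-capture service) plus contact access. The sample manifest, package and service names, and the finding labels are constructed for illustration; this is a generic capability heuristic, not an MMRAT signature.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample (decoded text manifest); not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakestore.app">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".AssistService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".CaptureService"
             android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return a sorted list of capability findings (labels are hypothetical)."""
    root = ET.fromstring(xml_text)
    findings = set()
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID + "name") == "android.permission.READ_CONTACTS":
            findings.add("reads-contacts")
    for svc in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        if svc.get(ANDROID + "permission") == BIND_A11Y or A11Y_ACTION in actions:
            findings.add("accessibility-service")
        # foregroundServiceType can combine several types with '|'
        types = (svc.get(ANDROID + "foregroundServiceType") or "").split("|")
        if "mediaProjection" in types:
            findings.add("screen-capture-service")
    return sorted(findings)

def is_high_risk(findings, from_official_store):
    """Flag sideloaded apps that can both drive the UI and capture the screen."""
    needed = {"accessibility-service", "screen-capture-service"}
    return not from_official_store and needed <= set(findings)

if __name__ == "__main__":
    found = triage_manifest(SAMPLE_MANIFEST)
    print(found, "high risk:", is_high_risk(found, from_official_store=False))
```

Legitimate apps such as screen readers and screen recorders declare these capabilities too, so a hit is a prompt for manual review rather than a verdict.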
