Mars

Malware updated 2 months ago (2024-09-20T19:01:12.661Z)
Mars is a malicious software (malware) that has been discovered by the Trend Micro Mobile Application Reputation Service (MARS) team. This malware, related to other known threats like Vidar and Redline, has been involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. The MARS team also identified another fully undetected Android banking trojan, dubbed MMRat, which has been targeting mobile users in Southeast Asia since late June 2023. These discoveries highlight the growing sophistication of cyber threats and the necessity for advanced cybersecurity measures.

The MARS team uses leading sandbox and machine learning technologies to cover Android and iOS threats, protecting devices against malware, zero-day and known exploits, privacy leaks, and application vulnerabilities. However, despite these efforts, the proliferation of malware clones such as "Oski" and "Mars" continues, likely due to the original malware being cracked. This underlines the persistent challenges faced in the realm of cybersecurity and the need for continuous innovation and vigilance.

In addition to Mars, other products offered by Intellexa include network injection systems like Jupiter and Predator. These systems are installed at mobile operator ISPs and can redirect any unencrypted HTTP request from a smartphone to an infection server. Jupiter even enables injection into encrypted HTTPS traffic, but only works with domestic websites hosted by a local ISP. These developments demonstrate the increasing complexity of malware attacks and the importance of robust cybersecurity infrastructure across all internet services.
Description last updated: 2024-09-20T18:15:27.355Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Mmrat is a possible alias for Mars. MMRat is a newly discovered Android banking trojan that has been targeting mobile users in Southeast Asia since June 2023. The malware was initially detected by the Trend Micro Mobile Application Reputation Service (MARS) team, but surprisingly, popular antivirus scanning services like VirusTotal fa | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Android
Trojan
Associated Malware
Alias Description | Association Type | Votes
The Redline Malware is associated with Mars. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor | Unspecified | 3
The Vidar Malware is associated with Mars. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw | is related to | 3
The Raccoon Malware is associated with Mars. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $ | Unspecified | 2
The Stealc Malware is associated with Mars. StealC is a form of malware that specifically targets browser extensions and password managers. Its emergence was first reported in early 2023 and it quickly grew in popularity on the dark web due to its ability to bypass traditional security measures. The malware's modus operandi involves stealing | Unspecified | 2
Source Document References
Information about the Mars Malware was read from the documents corpus below.
Source | Created
CrowdStrike | 2 months ago
InfoSecurity-magazine | 4 months ago
MITRE | 2 years ago
Trend Micro | a year ago
CERT-EU | 2 years ago
InfoSecurity-magazine | 2 years ago
Flashpoint | a year ago
CERT-EU | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
BankInfoSecurity | a year ago
CERT-EU | a year ago
Trend Micro | a year ago
CERT-EU | a year ago
CERT-EU | 10 months ago
Flashpoint | 10 months ago
CERT-EU | 10 months ago
Securityaffairs | 2 years ago
CERT-EU | 9 months ago
CISA | a year ago