Mmrat

Malware Profile Updated 25 days ago
Download STIX
Preview STIX
MMRat is a newly discovered Android banking trojan that has been targeting mobile users in Southeast Asia since June 2023. The malware was initially detected by the Trend Micro Mobile Application Reputation Service (MARS) team, but surprisingly, popular antivirus scanning services like VirusTotal failed to flag it as malicious upon its first identification. This sophisticated malware gathers various device and personal information such as signal strength, screen lock status, battery status, user contacts, and specifics about installed apps. Unlike other keylogging malware that focus on specific scenarios, MMRat logs every user action and uploads them to the server via the C2 channel. The MMRat Android trojan uses fake app stores for bank fraud, representing a significant threat to endpoint and device security. It was detailed by AT&T Alien Labs as an Android-based remote access trojan (RAT) capable of capturing user input and screen content, along with command-and-control capabilities. MMRat's wide array of malicious functionalities has led to numerous attacks involving remote device takeovers and bank fraud across Southeast Asia, as reported by SecurityWeek. After executing its bank fraud operations, MMRat uninstalls itself to remove all traces of the malware from the system, making it particularly difficult to detect and trace. Its stealthy nature and potent functionality make it a serious concern for cybersecurity. As MMRat continues to evolve, it underscores the need for robust and up-to-date security measures, especially for mobile users who are increasingly becoming targets for such sophisticated cyber threats.
What's your take? (Question 1 of 5)
79a76a86-4ca9-4ca5-88a7-024f311b8301 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Fraud
Malware
Trojan
Android
Phishing
Signal
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
MarsUnspecified
2
MARS, short for Mobile App Reputation Service, is a malware detection system developed and launched by Trend Micro in 2012. It is designed to pre-scan apps for potential threats and has been employed by various high-profile customers including Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline,
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Mmrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
9 months ago
MMRat Carries Out Bank Fraud Via Fake App Stores
Trend Micro
9 months ago
MMRat Carries Out Bank Fraud Via Fake App Stores
CERT-EU
9 months ago
Stealthy Android Malware Attacking Mobile Users Via Fake App Stores
CERT-EU
9 months ago
New Android MMRat malware uses Protobuf protocol to steal your data
DARKReading
9 months ago
Performance-Enhanced Android MMRat Scurries onto Devices Via Fake App Stores
CERT-EU
9 months ago
MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature
BankInfoSecurity
9 months ago
New Android Banking Trojan Targets Southeast Asia Region
CERT-EU
9 months ago
New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia
CERT-EU
9 months ago
Southeast Asia targeted by novel MMRat Android trojan
CERT-EU
9 months ago
Rare Technique Deployed by Android Malware to Illicitly Harvest Banking Data | IT Security News
CERT-EU
8 months ago
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
CERT-EU
9 months ago
New MMRat Android Trojan Uses Fake App Stores for Bank Fraud | IT Security News
CERT-EU
8 months ago
Fake YouTube Android Apps Used to Distribute CapraRAT
CERT-EU
5 months ago
New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices