Mmrat

Malware updated 5 months ago (2024-05-04T19:17:42.402Z)
Download STIX
Preview STIX
MMRat is a newly discovered Android banking trojan that has been targeting mobile users in Southeast Asia since June 2023. The malware was initially detected by the Trend Micro Mobile Application Reputation Service (MARS) team, but surprisingly, popular antivirus scanning services like VirusTotal failed to flag it as malicious upon its first identification. This sophisticated malware gathers various device and personal information such as signal strength, screen lock status, battery status, user contacts, and specifics about installed apps. Unlike other keylogging malware that focus on specific scenarios, MMRat logs every user action and uploads them to the server via the C2 channel. The MMRat Android trojan uses fake app stores for bank fraud, representing a significant threat to endpoint and device security. It was detailed by AT&T Alien Labs as an Android-based remote access trojan (RAT) capable of capturing user input and screen content, along with command-and-control capabilities. MMRat's wide array of malicious functionalities has led to numerous attacks involving remote device takeovers and bank fraud across Southeast Asia, as reported by SecurityWeek. After executing its bank fraud operations, MMRat uninstalls itself to remove all traces of the malware from the system, making it particularly difficult to detect and trace. Its stealthy nature and potent functionality make it a serious concern for cybersecurity. As MMRat continues to evolve, it underscores the need for robust and up-to-date security measures, especially for mobile users who are increasingly becoming targets for such sophisticated cyber threats.
Description last updated: 2024-05-04T18:43:11.489Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Mars is a possible alias for Mmrat. Mars is a malicious software (malware) that has been discovered by the Trend Micro Mobile Application Reputation Service (MARS) team. This malware, related to other known threats like Vidar and Redline, has been involved in cryptocurrency-mining and financially-motivated scam campaigns targeting And
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Fraud
Trojan
Malware
Android
Phishing
Exploits
Signal
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.