Mmrat

Malware Profile Updated 3 months ago
MMRat is a newly discovered Android banking trojan that has been targeting mobile users in Southeast Asia since June 2023. The malware was initially detected by the Trend Micro Mobile Application Reputation Service (MARS) team, but, surprisingly, popular antivirus scanning services like VirusTotal failed to flag it as malicious when it was first identified.

The malware gathers device and personal information such as signal strength, screen lock status, battery status, user contacts, and details of installed apps. Unlike other keylogging malware that focuses on specific scenarios, MMRat logs every user action and uploads the logs to the server via the C2 channel. AT&T Alien Labs detailed it as an Android-based remote access trojan (RAT) capable of capturing user input and screen content, along with command-and-control capabilities.

MMRat uses fake app stores for bank fraud, which makes it a significant threat to endpoint and device security. Its wide array of malicious functionality has led to numerous attacks involving remote device takeovers and bank fraud across Southeast Asia, as reported by SecurityWeek. After executing its bank fraud operations, MMRat uninstalls itself to remove all traces of the malware from the system, making it particularly difficult to detect and trace.

Its stealthy nature and potent functionality make it a serious concern for cybersecurity. As MMRat continues to evolve, it underscores the need for robust and up-to-date security measures, especially for mobile users, who are increasingly becoming targets for such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Mars | 2 | Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Fraud
Phishing
Exploits
Android
Signal
Payload
Infiltration
Antivirus
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Mmrat Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 7 months ago | New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices |
| CERT-EU | a year ago | Southeast Asia targeted by novel MMRat Android trojan |
| CERT-EU | 10 months ago | Fake YouTube Android Apps Used to Distribute CapraRAT |
| CERT-EU | 10 months ago | Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users |
| CERT-EU | a year ago | Rare Technique Deployed by Android Malware to Illicitly Harvest Banking Data \| IT Security News |
| BankInfoSecurity | a year ago | New Android Banking Trojan Targets Southeast Asia Region |
| DARKReading | a year ago | Performance-Enhanced Android MMRat Scurries onto Devices Via Fake App Stores |
| CERT-EU | a year ago | MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature |
| CERT-EU | a year ago | Stealthy Android Malware Attacking Mobile Users Via Fake App Stores |
| CERT-EU | a year ago | New Android MMRat malware uses Protobuf protocol to steal your data |
| CERT-EU | a year ago | New MMRat Android Trojan Uses Fake App Stores for Bank Fraud \| IT Security News |
| CERT-EU | a year ago | New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia |
| CERT-EU | a year ago | MMRat Carries Out Bank Fraud Via Fake App Stores |
| Trend Micro | a year ago | MMRat Carries Out Bank Fraud Via Fake App Stores |