Mobile users across Southeast Asia have been targeted since June by attacks involving the new MMRat Android banking trojan, which seek remote device takeover and bank fraud, according to SecurityWeek.
Malicious websites spoofing legitimate app stores have been leveraged to distribute MMRat, which, when installed, seeks user permissions and commences command-and-control communications before performing self-removal to evade detection, a Trend Micro report revealed.
Aside from featuring gesture execution, text message delivery, and screen unlocking capabilities, MMRat was also found to be able to perform screen captures and deliver exfiltrated device and personal data to its C2 server using the MediaProjection API and a "user terminal state" approach.
"We believe the goal of the threat actor is to uncover personal information to ensure the victim fits a specific profile. For instance, the victim may have contacts that meet certain geographical criteria or have a specific app installed. This information can then be used for further malicious activities," said Trend Micro.
CyberScoop reports that millions of files that may have sensitive information have been exposed by 314,000 internet-connected devices and servers with open directory listings, indicating the potential for significant exploitation.
Nearly 12,000 internet-facing Juniper firewall devices were discovered by VulnCheck to be impacted by a new medium-severity remote code execution vulnerability, which could be exploited to facilitate the execution of arbitrary code without the need to create a file, The Hacker News reports.