Mobile users across Southeast Asia have been targeted since June by attacks involving the new MMRat Android banking trojan, which aims at remote device takeover and bank fraud, according to SecurityWeek.

Malicious websites spoofing legitimate app stores have been used to distribute MMRat, which, once installed, requests user permissions and begins command-and-control (C2) communications before removing itself to evade detection, a Trend Micro report revealed.

Aside from gesture execution, text message delivery, and screen unlocking capabilities, MMRat was also found to be able to capture the screen and send exfiltrated device and personal data to its C2 server using the MediaProjection API and a "user terminal state" approach.

"We believe the goal of the threat actor is to uncover personal information to ensure the victim fits a specific profile. For instance, the victim may have contacts that meet certain geographical criteria or have a specific app installed. This information can then be used for further malicious activities," said Trend Micro.