Hackers have created a new Android malware that can remotely wake up your smartphone, unlock the screen and then steal data as well as funds from your bank accounts in real time.
As reported by BleepingComputer, this new Android banking malware has been dubbed MMRat by security researchers at Trend Micro, who first discovered it back in June. To make matters worse, it currently remains undetected on VirusTotal and other antivirus scanning services.
Although Trend Micro’s researchers haven’t yet figured out how the hackers who created the malware are promoting it, they did find that MMRat is often distributed through fake websites impersonating official app stores like the Google Play Store.
Like other Android malware, MMRat abuses Android’s Accessibility Service during installation to trick victims into giving it access to risky permissions. However, the malware takes things a step further by granting itself additional permissions that let it carry out all kinds of nefarious activities on a victim’s smartphone.
Stealing data from locked phones
After being installed on an Android smartphone through a malicious app, MMRat establishes a communication channel with a command and control (C&C) server operated by the hackers behind this campaign.
The malware then monitors the smartphone to discover when a victim isn’t using it. During these idle periods, MMRat exploits Android’s Accessibility Service to remotely wake up the device, unlock it and perform bank fraud.
Additionally, the malware can collect network, screen and battery information, steal a user’s contacts, save anything they type through keylogging, capture any content on their screen in real-time, record and live-stream from a phone’s cameras and even uninstall itself. This last capability is particularly concerning as once MMRat deletes itself, there’s no trace that the compromised smartphone was ever infected with malware in the first place.
MMRat is able to steal so much data from an infected smartphone because its creators have developed a custom Protobuf protocol. This custom protocol makes transferring data off of an infected smartphone more efficient, and it is quite uncommon among other Android trojans.
Fortunately, at least for now, MMRat is primarily being used to target Android smartphone users in Southeast Asia, according to a blog post from Trend Micro. However, this could change soon, particularly since this new banking malware is especially good at remaining undetected while stealing loads of personal and financial data from compromised devices.
How to stay safe from Android malware
The simplest way to avoid having your smartphone infected with Android malware is to avoid installing apps from unknown sources. Sure, sideloading apps can be convenient, but it also puts you at risk since apps downloaded online as APK files don’t go through rigorous security checks.
For this reason, you should only download apps from official Android stores like the Google Play Store, the Amazon Appstore or the Samsung Galaxy Store. While malicious apps do manage to slip through the cracks from time to time, Google Play Protect, which comes preinstalled on most Android phones, can identify and remove bad apps from your phone.
If you want extra protection though, you should also consider installing one of the best Android antivirus apps alongside it. These paid apps often provide you with other security software like a VPN or even a password manager.
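The two risk factors described above, Accessibility Service access and sideloading, can be checked together on a device you own. The Python script below is an added example, not code from Trend Micro or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`, and lists enabled accessibility services whose app was not preinstalled and did not come from one of the stores named above. The sample output and all `com.example.*` package names are constructed, and a hit is a prompt for manual review, not proof of MMRat.

```python
import re

# Installer packages for the stores the article names: Play, Amazon, Galaxy.
TRUSTED_INSTALLERS = {"com.android.vending", "com.amazon.venezia",
                      "com.sec.android.app.samsungapps"}
PKG_LINE = re.compile(r"^package:(\S+)(?:\s+installer=(\S+))?$")

def parse_accessibility(raw):
    """Packages in `adb shell settings get secure enabled_accessibility_services`."""
    raw = raw.strip()
    if raw in ("", "null"):          # no accessibility service is enabled
        return []
    return [comp.split("/", 1)[0] for comp in raw.split(":") if comp]

def parse_packages(raw):
    """Map package -> installer from `adb shell pm list packages -i` (or `-s`)."""
    pkgs = {}
    for line in raw.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkgs[m.group(1)] = None if m.group(2) in (None, "null") else m.group(2)
    return pkgs

def audit(a11y_raw, installers_raw, system_raw):
    """Return (package, installer) for enabled accessibility services that are
    neither preinstalled system apps nor installed by a trusted store."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    findings = []
    for pkg in parse_accessibility(a11y_raw):
        installer = installers.get(pkg)
        if pkg not in system and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer or "none recorded"))
    return findings

# Constructed sample output; every com.example.* package name is made up.
SAMPLE_A11Y = ("com.example.reader/.ReaderService:com.example.fakestore/.Helper:"
               "com.example.oemassist/.Assist:com.example.cleaner/.Svc")
SAMPLE_INSTALLERS = """\
package:com.example.reader  installer=com.android.vending
package:com.example.fakestore  installer=null
package:com.example.oemassist  installer=null
package:com.example.cleaner  installer=com.google.android.packageinstaller
"""
SAMPLE_SYSTEM = "package:com.example.oemassist\n"

if __name__ == "__main__":
    for pkg, installer in audit(SAMPLE_A11Y, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {pkg} (installer: {installer})")
```

Anything the script lists can be inspected and, if unrecognized, switched off under the phone's Accessibility settings before the app is uninstalled.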
MMRat may be new, but it’s already a very sophisticated piece of Android malware, which is why we’ll likely see hackers use it in other campaigns going forward. However, if you carefully scrutinize all of the apps you install and avoid sideloading new apps, you should be fine.