A previously unknown Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer their devices and perform financial fraud.
Once installed, the app leans heavily on the Android accessibility service and MediaProjection API, both of which have been leveraged by another Android financial trojan called SpyNote.
The trojan employs different combinations of ports and protocols for functions such as data exfiltration, video streaming, and C2 control.
It possesses the ability to collect a broad range of device data and personal information, including signal strength, screen status, and battery status.
Supercharge Your SkillsThe MMRat malware abuses the Accessibility service to remotely control the victim’s device, performing actions such as gestures, unlocking screens, and inputting text, among others, Trend Micro said.