The Android malware MMRat, discovered by Trend Micro in June, cannot be detected by antivirus services such as Virustotal. Initially, the creators of the malware focused on devices in Southeast Asia, but the malware has now appeared worldwide. According to the security researchers, MMRat accesses Android devices via websites disguised as official app stores.
Test: The best antivirus programs for Android
Accessibility as a gateway
In most cases, the malware hides in apps that are similar to official government apps or dating apps. As soon as they are installed, the apps in question ask for approval for functions that are actually intended for the accessibility of applications. These functions are then used to obtain additional approvals and install numerous malicious functions on the infected device.
Secret access at night
Once installed, MMRat establishes a communication channel with a server and monitors Android device usage. Criminals are particularly interested in times when users are not using their devices. During these periods, the device is remotely awakened to secretly execute bank frauds.
Observe and strike
Security researchers describe how MMRat works as follows: The malware first collects information about the network, screen and battery data. The contact lists and installed apps are then tapped. User input is monitored in real time via the MediaProjection API. The attackers even have access to the camera. After the scam is done, the software uninstalls itself automatically.
Be careful when installing the app on Android
MMRat is therefore a particularly advanced malicious program. As a protective measure, users of Android devices should only install apps via the official Google Play Store and also pay close attention to the subsequent request for permissions.