Shulou(Shulou.com)11/24 Report--

CTOnews.com, August 30 (Xinhua)-- trend Technology recently released a security blog saying that a number of cyber attacks using MMRat malware against Android users have been discovered since late June 2023.

The malware uses a relatively rare way of protobuf data serialization communication, which can evade anti-virus scanning services such as VirusScan Total and steal target device data more pertinently.

When tracing the source, the researchers did not find out how the malware initially spread, but several cases have been found to be distributed on websites disguised as official app stores.

If victims download and install apps that carry MMRat malware, they usually imitate official apps or dating apps and require access to Android's accessibility services during installation.

Malware can automatically abuse "accessibility" and grant itself additional permissions to perform a variety of malicious operations on infected devices.

CTOnews.com hereby attaches the main capabilities of MMRat malware including:

Collect network, screen and battery information

Extract the user's contact list and installed application list

Capture user input through keyloggin

Misuse of MediaProjection API to intercept real-time screen content from devices

Recording and real-time transmission of camera data

Record and dump screen data as text and export it to C2

Uninstall yourself from the device to erase all evidence of infection

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.