One Article Review

The article:
Source AlienVault Lab Blog
Identifier 8388981
Publication date 2023-09-28 10:00:00 (seen: 2023-09-28 10:06:29)
Title MMRat: A new banking trojan
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Introduction:
Many threat actors tend to gravitate towards using some type of remote access trojan (RAT) in their campaigns. RATs are a type of malware designed to give the attacker control over an infected device. RATs are a popular choice for hackers because of their many capabilities, from reconnaissance and data exfiltration to long-term persistence. Throughout the last couple of months, a new Android banking trojan has been making headlines. This trojan, known as MMRat, has been seen targeting mobile users in Asia and has been linked to bank fraud.

Information about MMRat:
Currently, there is not much information available on the history of the malware or who created the RAT, but the first sighting of this malware was in late June 2023. The name MMRat comes from the com.mm.user package that the malware uses for different activities. Some of the things this package is capable of are capturing user input and screen content, as well as command and control (C2). In addition, as of right now, the targets of this malware are countries in Southeast Asia. This conclusion was made based on the languages detected on the phishing pages, such as Indonesian, Vietnamese, Singaporean, and Filipino.

How is MMRat spread?
The primary method of infection for MMRat is phishing. At this time, it is still unclear how these phishing links are spread, but it is safe to assume that email and forums might be two common ways that these links are distributed. Specifically, the malware is distributed through a network of phishing sites that imitate official app stores. In these fake app stores, MMRat disguises itself as an official government application or a dating application.

Figure: how MMRat works in flowchart

From beginning to end, this malware attack completes a 7-step process which begins with its installation. At the end of the process, it uninstalls itself after a successful fraudulent transaction has taken place. This RAT can collect vast amounts of device data and personal information. These two kinds of data, along with stolen credentials that the attackers could have captured through MMRat or other means, could help them commit banking fraud.

How to protect against MMRat:
Like many other types of malware and RATs, the best way to protect against MMRat is through proper phishing training. With proper training, you can help keep your organization and employees better protected against the constantly emerging threats in the cyber landscape. Other steps that can be taken to protect against MMRat include not downloading apps from unofficial app stores, carefully reading app reviews, and, in the case of this trojan especially, reading all of the permissions an application is requesting access to. Reading permissions for any application is never fun and seems pointless, but it is important to read them, as they explain exactly what features need to be used for the application to function. It can be assumed that in many of the reported cases of MMRat, the consumer did not properly read the permissions, and thus allowed the hacker access to their system.

Conclusion:
Although there have not yet been any reports of MMRat being discovered in countries outside of Southeast Asia, this does not mean we should let our guard down. This RAT has proven to be a problem in Asia, where it has been connected with banking fraud. Its many functionalities make this RAT extremely dangerous. We must take the measures needed to be ready for if and when this strain of malware begins to spread outside of Asia.

The author of this blog works at www.perimeterwatch.co
Sent Yes
Tags Malware Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.