By
After being installed on an Android smartphone through a malicious app, MMRat establishes a communication channel with a command and control (C&C) server operated by the hackers behind this campaign.
The malware then monitors the smartphone to discover when a victim isn’t using it. During these idle periods, MMRat exploits Android’s Accessibility Service to remotely wake up the device, unlock it and perform bank fraud.
Additionally, the malware can collect network, screen and battery information, steal a user’s contacts, save anything they type through keylogging, capture any content on their screen in real-time, record and live-stream from a phone’s cameras and even uninstall itself. This last capability is particularly concerning as once MMRat deletes itself, there’s no trace that the compromised smartphone was ever infected with malware in the first place.
Recent Comments