New Android Trojan MMRat Targets Southeast Asia Users to Carry Out Bank Fraud
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
A new banking malware dubbed "MMRat" has been identified that remotely controls infected devices in order to exfiltrate data from them. The stealthy trojan has been observed targeting users in Southeast Asia since June 2023.
In a published article, Trend Micro disclosed that the malware, which continues to evade detection (on VirusTotal), can capture screenshots and user input. It also uses a customized command-and-control (C2) protocol based on the rarely used protocol buffers (Protobuf) format to boost performance when transferring large volumes of data.
While the mode of phishing link distribution to victims remains unclear, researchers believe that the malware is being distributed via websites disguised as official app stores.
The attack begins when a victim downloads and installs the dubious apps containing MMRat and grants the requested permissions. "To avoid suspicion, MMRat often masquerades as an official government or dating app, then presents a phishing website to victims upon being launched," Trend Micro revealed.
Once it has the needed access, the malware starts communicating with the C2 servers to transfer large amounts of data from the victim's device, including network data, installed apps, contacts, and screen and battery data. This information is collected periodically, via a timer task set up by MMRat.
"We believe the goal of the threat actor is to uncover personal information to ensure the victim fits a specific profile. [..] contacts that meet certain geographical criteria or have a specific app installed," the article revealed.
With the Accessibility permission enabled, the malware can modify settings and grant itself additional permissions. Its remote-control capability allows it to notify the threat actor and give them access to unlock the device and commit bank fraud. It also lets the threat actor capture screenshots "for server-side visualization of the device screen".
After this, the malware is able to terminate itself, thereby removing all traces of itself from the system.
According to Trend Micro, the malware's stealthy screen-recording and C2 communication capabilities enable the threat actors to live stream video of the device screen while committing bank fraud.
The rise in Android trojans makes it imperative for device owners to download software only from reliable sources and to be vigilant when granting accessibility permissions.
French Employment Agency Announces Data Breach Exposes Personal Information of 10 Million Individuals
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
On August 23rd, the French governmental agency Pôle emploi disclosed a data breach incident that is likely to affect around 10 million people registered with it.
The unemployment registration and financial aid provider stated that it became aware of the breach a week before the announcement. One of its vendors, the Majorel company, which is responsible for the documentation and registration of job seekers, was impacted by the MOVEit campaign of the Cl0p ransomware gang.
The campaign did not directly compromise the security of the agency's internal IT system, but the attack on the third party's system led to the exposure of data on millions of job seekers. The agency did not confirm the number of affected individuals. However, the French daily Le Parisien estimates the number of impacted individuals to be around 10 million.
According to the agency, the compromised data belongs to people who had registered with it by the end of February 2022. The exposed data includes the first and last names as well as the social security numbers of individuals. Sensitive information such as email addresses, phone numbers, passwords or bank details was not part of the data leak.
Although the risk of phishing and other forms of cybercrime is limited here, Pôle emploi still advised the affected individuals to remain vigilant in the face of any type of communication that could appear fraudulent.
The agency has filed a report with the French data privacy agency CNIL and is also said to be reporting the incident to the relevant judicial authority. It has also set up a dedicated phone support line for the impacted individuals and will be implementing additional security measures to prevent similar incidents in the future.
It further stated that its financial aid program remains unaffected, and that individuals can securely log in to their accounts using the "pole-emploi.fr" portal.