In the advanced digital age where business is booming and the general population increasingly relying on the internet and AI tools, there are some people who are abusing the technology to steal money and data. Every now and then we hear stories about scams being spread by malicious software through various apps. One of these was found recently. Experts have exposed a dangerous banking malware called MMRat, which is undetectable and even manages to evade antivirus scanning software. Know how it works.
According to a report by Tom’s Guide, in June, Trend Micro discovered Android malware, which could not be detected even by VirusTotal and other virus-scanning software. This malware captures the access of an Android device through malicious apps or URLs and steals all the mobile data and wipes the user’s bank account. When malware is installed through manipulative means, it initiates a communication channel with a command and control (C&C) server to get access to the mobile.
When the hacker notices the mobile device is not being used, MMRat takes advantage of Android’s Accessibility Service to unlock the device and collect all the mobile data such as banking details, messages and even the smallest of information such as battery percentage, contacts, images, etc.
Trend Micro reports that the malware is functional in Southeast Asia and only targets Android smartphone users. The MMRAT captures mobile data with the help of a custom Protobuf protocol. The protocol makes the data extraction easy. This new data-stealing feature is not commonly found in other Android trojans.
How to stay protected from Android malware
- Google advises that when downloading any app from its App Store, make sure to turn on the Google Play Protect, which can scan the app for malware.
2. Always keep your Android device updated and install every security update.
3. Remove any apps from your device which are not being used frequently or are from untrustworthy sources.
4. Do a Google security checkup at http://myaccount.google.com/security-checkup
5. Do not download apps online from any unknown website as APK files.
6. Use antivirus software and scan your device from time to time.
Over and above this, a user must never download any app in a hurry. Always do the due diligence to find out who is behind the app. If there is any uncertainty about it, do not download at all. Ultimately, the responsibility of verifying an app is that of the user.