• This sneaky Android malware uses a rare technique to steal bankin

    From TechnologyDaily@1337:1/100 to All on Wed Aug 30 17:45:03 2023
    This sneaky Android malware uses a rare technique to steal banking data

    Date:
    Wed, 30 Aug 2023 17:23:07 +0000

    Description:
    Through protobuf data serialization, Android malware can steal plenty of sensitive data, including real-time screen content.

    FULL STORY ======================================================================

    Cybersecurity researchers from Trend Micro recently discovered a new mobile trojan that leverages an innovative communication method.

    Called protobuf data serialization, the method makes it better at stealing sensitive data from the compromised endpoints.

    In its report, Trend Micro says it first spotted the malware in June 2023, mostly targeting users in Southeast Asia. The researchers dubbed it MMRat,
    and said that when it was first spotted, VirusTotal and similar AV scanning services were not detecting it as malicious.

    MMRat is capable of a wide variety of malicious activity, from harvesting network, screen, and battery data, to stealing contact lists; from keylogging to grabbing real-time screen content, and from recording and live-streaming camera data, to recording and dumping screen data in text forms. Finally, MMRat can uninstall itself if necessary.

    The ability to grab real-time screen content requires efficient data transmission, which is where the protobuf protocol shines. Apparently, this
    is a custom protocol for data exfiltration, using different ports and protocols for exchanging data with the C2.

    "The C&C protocol, in particular, is unique due to its customization based on Netty (a network application framework) and the previously-mentioned
    Protobuf, complete with well-designed message structures," Trend Micro said
    in its report. "For C&C communication, the threat actor uses an overarching structure to represent all message types and the "oneof" keyword to represent different data types."
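
    How a "oneof" envelope of the kind described in the quote looks on the wire, as an added example that is not from the article or the Trend Micro report: a schema-less decoder lists a message's top-level fields, and the one oneof field number present identifies the message type. The envelope layout, field numbers and sample bytes are constructed assumptions.

```python
# Added example: schema-less protobuf wire decoding for traffic triage.
# Field numbers and sample bytes are constructed, NOT MMRat's real schema.

def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint longer than 10 bytes")
    raise ValueError("truncated varint")

def top_level_fields(buf):
    """Return [(field_number, wire_type, value)] for one serialized message."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 0x07
        if wire_type == 0:                      # varint
            value, pos = read_varint(buf, pos)
        elif wire_type in (1, 2, 5):            # fixed64, length-delimited, fixed32
            if wire_type == 2:
                size, pos = read_varint(buf, pos)
            else:
                size = 8 if wire_type == 1 else 4
            if pos + size > len(buf):
                raise ValueError("truncated field payload")
            value, pos = buf[pos:pos + size], pos + size
        else:                                   # groups (3, 4) are deprecated
            raise ValueError(f"unsupported wire type {wire_type}")
        fields.append((number, wire_type, value))
    return fields

def oneof_member(buf, oneof_numbers):
    """Field number of the oneof member that is set, or None.
    If several appear on the wire, protobuf parsers keep the last one."""
    present = [n for n, _, _ in top_level_fields(buf) if n in oneof_numbers]
    return present[-1] if present else None

# Constructed envelope: field 1 = sequence id, oneof members = fields 10, 11, 12.
ONEOF_NUMBERS = {10, 11, 12}
SAMPLE_A = bytes.fromhex("080752026869")   # seq=7,   field 10 = b"hi"
SAMPLE_B = bytes.fromhex("08ac025a00")     # seq=300, field 11 = b""
```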

    The researchers have found the malware hidden in fake mobile app stores, posing as government or dating apps. While they described the entire effort as sophisticated, it's worth mentioning that the apps still ask for
    permissions for Android's Accessibility Service - a usual red flag and a
    clear indication that the app is malicious.

    At the end of the day, if the victims decline to grant these permissions, the malware is rendered useless.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-sneaky-banking-malware-uses-a-rare-technique-to-steal-banking-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)