Trend Micro, a cybersecurity research firm, has recently unveiled a novel mobile Trojan that employs an innovative communication technique. This method, known as protobuf data serialization, enhances its ability to pilfer sensitive data from compromised devices.
Initially detected by Trend Micro in June 2023, this malware, named MMRat, primarily targets users in Southeast Asia. Surprisingly, when MMRat was first identified, popular antivirus scanning services like VirusTotal failed to flag it as malicious.
MMRat boasts a wide array of malicious functionalities. These include collecting network, screen, and battery data, pilfering contact lists, employing keylogging techniques, capturing real-time screen content, recording and live-streaming camera data, and even dumping screen data in text formats. Notably, MMRat possesses the ability to uninstall itself if required.
The capacity to capture real-time screen content necessitates efficient data transmission, and this is where the protobuf protocol shines. It serves as a customized protocol for data exfiltration, using distinct ports and protocols to exchange data with the Command and Control (C2) server.
Trend Micro’s report highlights the uniqueness of the C&C protocol, which is customized based on Netty, a network application framework, and the aforementioned Protobuf. It incorporates well-d
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: