According to Trend Micro, a recently discovered Android Trojan that targets users in Southeast Asia gives attackers remote device control and bank fraud capabilities.
The malware, known as MMRat, has been around since June and has the ability to screenshot and capture user input. It also uses a custom command-and-control (C&C) protocol based on Protobuf that enhances its performance when transferring large amounts of data.
The malware was disseminated through websites that pretended to be official app stores and were localized in several languages, including Vietnamese and Thai. It is not known how the intended victims are given links to these websites, though.
Following installation, MMRat prompts the victim to grant the required permissions before starting to communicate with its C&C, sending device data and logging user input.