Android mobile security

New ‘Rogue’ (MRAT) malware enables low-level cybercriminals to exploit your apps

By Tana BlegenPosted on May 12, 2021 10:49 am

Security researchers at Check Point recently discovered a new strain of Android malware. ‘Rogue’ is a combination of two older malware samples, which provides attackers with access to almost everything a user does on an Android device.

According to the researchers, Rogue is capable of device takeover and exfiltration of data, such as photos, location, contacts, and messages.

Powerful malware with keylogging capabilities

Rogue also infects victims with a keylogger, allowing attackers to easily log and monitor the use of sensitive apps to steal usernames and passwords. 

With In-App Protection by Promon SHIELD™, user credentials, such as usernames, passwords, PINs, and other inputs, are safe. Malware techniques are blocked and cannot spy or fetch user inputs using keylogging- screenshots or screenreader-techniques.

Aggressive Rogue marketing on the dark web

The low cost and the aggressive marketing of the Rogue malware also reflect the sophisticated criminal ecosystem in the dark corners of the internet.

With an initial price tag of 29,99 USD per month, Rogue makes it possible for wannabe-hackers with limited technical skills to acquire the tools to stage attacks on your apps.

Rouge malware marketing on the dark web
Credit: Check Point

Android Accessibility abuse

Check Point explains that “like many other malicious applications, Rogue can adapt the Android “AccessibilityService” to suit its own needs.”

The Android Accessibility Service is a key part of helping the elderly and disabled use their smartphones. However, it also opens up the door for malware developers. 

Promon SHIELD™ protects your high-value apps against shady malware that aims to steal sensitive user data from your apps by abusing the accessibility services.

List of malicious apps:

If you have downloaded any of these apps, delete them immediately!

Shortcut name (visible in menu), [Application name (visible in app properties)]

AppleProtect, [se.spitfire.appleprotect.it]

Axgle, [com.absolutelycold.axgle]

Buzz, [org.thoughtcrime.securesms]

Google Play Service, [com.demo.testinh]

Idea Security, [com.demo.testing]

SecurIt, [se.joscarsson.privify.spitfire]

SecurIt, [sc.phoenix.securit]

Service, [com.demo.testing]

Settings, [com.demo.testing]

Settings, [com.hawkshawspy]

Settings, [com.services.deamon]

wallpaper girls, [com.demo.testing]

Wifi Pasword Cracker, [com.services.deamon]

Relevant Content

Download OWASP Mobile Top 10 Risks
The checklist highlights security flaws and vulnerabilities developers need to protect their applications from, access checklist here.