Mobile Remote Access Trojans boldly attack the company

English adage says that you are never more than a few feet from a rat (rat-the Rat). When it comes to mobile device security looks like mRAT attacks are becoming a big problem. mRAT (ang. Mobile Remote Access Trojans), a mobile remote access Trojans are commercial tools spyware usually're advertising as programs to monitor the phones used by children in order to ensure their safety on the Internet. However, it appears that they may also be used for industrial espionage and other malicious purposes.

MRAT program can be downloaded in transparent to the user through the game or sent the link in the email/text message. Can also be installed manually on the device to which the third person has physical access. Because they allow administrative tasks allow you to capture typed messages/passwords, enabling camera, sound recording, and much more.

Broad functionality causes the mRAT programs are very attractive to attackers. They allow you to bypass security MDM (mobile device management), so you can use them to listen in on calls and meetings, pull information from corporate e-mails and text messages and track the location of users. They can also intercept communications through third-party applications. At the end of the year 2014, mRAT attacking both iOS and Android zainfekowano device traffic members Occupy Central in Hong Kong. The program spread through the unconscious share links in your application.

As a serious threat for the safety of mRAT programs companies?

To better understand and assess the risks posed by, Check Point and recently carried out by the communication studies Lacoon over 900 000 devices via Wi-Fi access points in large corporations. For several months the researchers analyze network traffic and signatures of several famous mRATów that communicate with your servers Command & Control. Survey results show that on average one in 1000 devices in the world was infected, and in some countries, such as for example. The USA infected was one in 500 devices. Infestation were equally devices under the control of Android and iOS unlike most mobile malware. Despite the fact, that these numbers do not seem significant, it should be noted that in many cases programs mRAT send data by weeks or even months. What sensitive information could be learned from the one phone that belongs to the Director?

MRAT attacks are mobile equivalent of phishing attacks against the traditional networks that were directed against companies such as. Target, Neiman Marcus, Anthem and Sony Pictures. They form a bridge that allows attackers to choose a single victim in a company through which they gain access to sensitive data. What's more, the potential of these attacks will increase. In the year 2014, the third annual report of the Mobile Security Check Point based on the data from 700 organization showed that the number of personal devices connecting to corporate networks over the past two years has increased twice in 72% of companies. 44% of the interviewees said they would not even trying to manage corporate data on devices belonging to employees, which gives hackers from constantly growing source of possible devices to infect.

Capture mRATów

As in that case, the company should approach the issue of detection of existing infections mRAT programs to prevent further infections and data leakage? First of all you need is a unified approach to security on every mobile device, regardless of where it is used. Other means of protection is blocking network traffic generated by mRATy.

to protect the devices outside the corporate network from infections type mRAT, security can be implemented on mobile devices as a service in the cloud using an encrypted VPN tunnel. It prevents against downloading suspicious files and blocks access to dangerous websites. Not only we are introducing corporate security protocols on devices of all employees, but also block communication with Server devices already infected.

When it comes to local security on any device, the company should provide solutions to detect any suspicious behavior of applications and suspicious network traffic, which will help reduce the spread of mRAT programs. In many cases, these programs may not be detected by conventional antivirus software, but special, dedicated solutions allow for the introduction of active protection blocking threats. In conclusion, mRAT programs are powerful tools that allow hackers to pull data from mobile devices, employees, most of which do not have protection. For this reason, the company should take measures against mRATom blocking their communication before start data theft.

Source: Check Point


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.