MobileOrder is a Trojan intended to compromise Android mobile devices. It has been used by Scarlet Mimic.
||Browser Bookmark Discovery
||MobileOrder has a command to upload to its C2 server victim browser bookmarks.
||Data from Local System
||MobileOrder exfiltrates data collected from the victim mobile device.
||Exfiltration Over C2 Channel
||MobileOrder exfiltrates data to its C2 server over the same protocol as C2 communications.
||File and Directory Discovery
||MobileOrder has a command to upload to its C2 server information about files on the victim mobile device, including SD card size, installed app list, SMS content, contacts, and calling history.
||Ingress Tool Transfer
||MobileOrder has a command to download a file from the C2 server to the victim mobile device’s SD card.
||MobileOrder has a command to upload information about all running processes to its C2 server.
||System Information Discovery
||MobileOrder has a command to upload to its C2 server victim mobile device information, including IMEI, IMSI, SIM card serial number, phone number, Android version, and other information.
Groups That Use This Software