S0295 RCSAndroid
RCSAndroid is Android malware. 1
| Item | Value |
|---|---|
| ID | S0295 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 25 October 2017 |
| Last Modified | 10 October 2019 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1409 | Access Stored Application Data | RCSAndroid can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.1 |
| mobile | T1438 | Alternate Network Mediums | RCSAndroid can use SMS for command and control.1 |
| mobile | T1429 | Capture Audio | RCSAndroid can record audio using the device microphone.1 |
| mobile | T1512 | Capture Camera | RCSAndroid can capture photos using the front and back cameras.1 |
| mobile | T1414 | Capture Clipboard Data | RCSAndroid can monitor clipboard content.1 |
| mobile | T1412 | Capture SMS Messages | RCSAndroid can collect SMS, MMS, and Gmail messages.1 |
| mobile | T1533 | Data from Local System | RCSAndroid can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.1 |
| mobile | T1407 | Download New Code at Runtime | RCSAndroid has the ability to dynamically download and execute new code at runtime.1 |
| mobile | T1430 | Location Tracking | RCSAndroid can record location.1 |