Skip to content

S0295 RCSAndroid

RCSAndroid is Android malware. 1

Item Value
ID S0295
Associated Names
Version 1.2
Created 25 October 2017
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1429 Audio Capture RCSAndroid can record audio using the device microphone.1
mobile T1414 Clipboard Data RCSAndroid can monitor clipboard content.1
mobile T1533 Data from Local System RCSAndroid can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.1
mobile T1407 Download New Code at Runtime RCSAndroid has the ability to dynamically download and execute new code at runtime.1
mobile T1430 Location Tracking RCSAndroid can record location.1
mobile T1644 Out of Band Data RCSAndroid can use SMS for command and control.1
mobile T1636 Protected User Data -
mobile T1636.004 SMS Messages RCSAndroid can collect SMS, MMS, and Gmail messages.1
mobile T1409 Stored Application Data RCSAndroid can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.1
mobile T1512 Video Capture RCSAndroid can capture photos using the front and back cameras.1