Skip to content

S0295 RCSAndroid

RCSAndroid is Android malware. 1

Item Value
ID S0295
Associated Names
Version 1.2
Created 25 October 2017
Last Modified 10 October 2019
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1409 Access Stored Application Data RCSAndroid can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.1
mobile T1438 Alternate Network Mediums RCSAndroid can use SMS for command and control.1
mobile T1429 Capture Audio RCSAndroid can record audio using the device microphone.1
mobile T1512 Capture Camera RCSAndroid can capture photos using the front and back cameras.1
mobile T1414 Capture Clipboard Data RCSAndroid can monitor clipboard content.1
mobile T1412 Capture SMS Messages RCSAndroid can collect SMS, MMS, and Gmail messages.1
mobile T1533 Data from Local System RCSAndroid can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.1
mobile T1407 Download New Code at Runtime RCSAndroid has the ability to dynamically download and execute new code at runtime.1
mobile T1430 Location Tracking RCSAndroid can record location.1


Back to top