S0320 DroidJack
DroidJack is an Android remote access tool that has been observed posing as legitimate applications including the Super Mario Run and Pokemon GO games. 2 1
| Item | Value |
|---|---|
| ID | S0320 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 25 October 2017 |
| Last Modified | 16 April 2025 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Audio Capture | DroidJack is capable of recording device phone calls.2 |
| mobile | T1655 | Masquerading | - |
| mobile | T1655.001 | Match Legitimate Name or Location | DroidJack included code from the legitimate Pokemon GO app in order to appear identical to the user, but it also included additional malicious code.1 |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.002 | Call Log | DroidJack captures call data.2 |
| mobile | T1636.004 | SMS Messages | DroidJack captures SMS data.2 |
| mobile | T1512 | Video Capture | DroidJack can capture video using device cameras.2 |