Skip to content

S0329 Tangelo

Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. 1

Item Value
ID S0329
Associated Names
Version 1.2
Created 17 October 2018
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1429 Audio Capture Tangelo contains functionality to record calls as well as the victim device’s environment.1
mobile T1533 Data from Local System Tangelo accesses browser history, pictures, and videos.1
mobile T1430 Location Tracking Tangelo contains functionality to gather GPS coordinates.1
mobile T1636 Protected User Data -
mobile T1636.002 Call Log Tangelo contains functionality to gather call logs.1
mobile T1636.004 SMS Messages Tangelo contains functionality to gather SMS messages.1
mobile T1409 Stored Application Data Tangelo accesses databases from WhatsApp, Viber, Skype, and Line.1
mobile T1422 System Network Configuration Discovery Tangelo contains functionality to gather cellular IDs.1