Skip to content

S0426 Concipit1248

Concipit1248 is iOS spyware that was discovered using the same name as the developer of the Android spyware Corona Updates. Further investigation revealed that the two pieces of software contained the same C2 URL and similar functionality.1

Item Value
ID S0426
Associated Names Corona Updates
Type MALWARE
Version 1.0
Created 24 April 2020
Last Modified 30 April 2020
Navigation Layer View In ATT&CK® Navigator

Associated Software Descriptions

Name Description
Corona Updates 1

Techniques Used

Domain ID Name Use
mobile T1512 Capture Camera Concipit1248 requests permissions to use the device camera.1
mobile T1533 Data from Local System Concipit1248 can collect device photos.1
mobile T1475 Deliver Malicious App via Authorized App Store Concipit1248 has been distributed through the App Store.1
mobile T1437 Standard Application Layer Protocol Concipit1248 communicates with the C2 server using HTTP requests.1

References

  1. T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020. 

Back to top