S1056 TianySpy
TianySpy is a mobile malware primarily spread by SMS phishing between September 30 and October 12, 2021. TianySpy is believed to have targeted credentials associated with membership websites of major Japanese telecommunication services.[1]
| Item | Value |
|---|---|
| ID | S1056 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 19 January 2023 |
| Last Modified | 29 March 2023 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1623 | Command and Scripting Interpreter | TianySpy can steal information via malicious JavaScript.[1] |
| mobile | T1639 | Exfiltration Over Alternative Protocol | TianySpy can exfiltrate collected user data, including credentials and authorized cookies, via email.[1] |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | TianySpy can utilize WebViews to display fake authentication pages that capture user credentials.[1] |
| mobile | T1406 | Obfuscated Files or Information | TianySpy has encrypted C2 details, email addresses, and passwords.[1] |
| mobile | T1632 | Subvert Trust Controls | - |
| mobile | T1632.001 | Code Signing Policy Modification | TianySpy can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.[1] |
| mobile | T1426 | System Information Discovery | TianySpy can gather device UDIDs.[1] |
| mobile | T1422 | System Network Configuration Discovery | TianySpy can check to see if WiFi is enabled.[1] |