Skip to content

S1056 TianySpy

TianySpy is a mobile malware primarily spread by SMS phishing between September 30 and October 12, 2021. TianySpy is believed to have targeted credentials associated with membership websites of major Japanese telecommunication services.1

Item Value
ID S1056
Associated Names
Version 1.0
Created 19 January 2023
Last Modified 29 March 2023
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1623 Command and Scripting Interpreter TianySpy can steal information via malicious JavaScript.1
mobile T1639 Exfiltration Over Alternative Protocol TianySpy can exfiltrate collected user data, including credentials and authorized cookies, via email.1
mobile T1417 Input Capture -
mobile T1417.002 GUI Input Capture TianySpy can utilize WebViews to display fake authentication pages that capture user credentials.1
mobile T1406 Obfuscated Files or Information TianySpy has encrypted C2 details, email addresses, and passwords.1
mobile T1632 Subvert Trust Controls -
mobile T1632.001 Code Signing Policy Modification TianySpy can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.1
mobile T1426 System Information Discovery TianySpy can gather device UDIDs.1
mobile T1422 System Network Configuration Discovery TianySpy can check to see if WiFi is enabled.1