Register to stream ATT&CKcon 2.0 October 29-30


RCSAndroid is Android malware. [1]

ID: S0295
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1409 Access Sensitive Data or Credentials in Files RCSAndroid can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn. [1]
Mobile T1438 Alternate Network Mediums RCSAndroid can use SMS for command and control. [1]
Mobile T1414 Capture Clipboard Data RCSAndroid can monitor clipboard content. [1]
Mobile T1412 Capture SMS Messages RCSAndroid can collect SMS, MMS, and Gmail messages. [1]
Mobile T1407 Download New Code at Runtime RCSAndroid has the ability to dynamically download and execute new code at runtime. [1]
Mobile T1430 Location Tracking RCSAndroid can record location. [1]
Mobile T1429 Microphone or Camera Recordings RCSAndroid can record using the microphone as well as capture photos using the front and back cameras. [1]