RCSAndroid is Android malware. [1]

ID: S0295
Platforms: Android
Version: 1.2
Created: 25 October 2017
Last Modified: 10 October 2019

Techniques Used

Domain ID Name Use
Mobile T1409 Access Stored Application Data

RCSAndroid can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.[1]

Mobile T1438 Alternate Network Mediums

RCSAndroid can use SMS for command and control.[1]

Mobile T1429 Capture Audio

RCSAndroid can record audio using the device microphone.[1]

Mobile T1512 Capture Camera

RCSAndroid can capture photos using the front and back cameras.[1]

Mobile T1414 Capture Clipboard Data

RCSAndroid can monitor clipboard content.[1]

Mobile T1412 Capture SMS Messages

RCSAndroid can collect SMS, MMS, and Gmail messages.[1]

Mobile T1533 Data from Local System

RCSAndroid can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.[1]

Mobile T1407 Download New Code at Runtime

RCSAndroid has the ability to dynamically download and execute new code at runtime.[1]

Mobile T1430 Location Tracking

RCSAndroid can record location.[1]