RCSAndroid is Android malware. [1]

ID: S0295
Platforms: Android
Version: 1.2
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1429 Audio Capture

RCSAndroid can record audio using the device microphone.[1]

Mobile T1414 Clipboard Data

RCSAndroid can monitor clipboard content.[1]

Mobile T1533 Data from Local System

RCSAndroid can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.[1]

Mobile T1407 Download New Code at Runtime

RCSAndroid has the ability to dynamically download and execute new code at runtime.[1]

Mobile T1430 Location Tracking

RCSAndroid can record location.[1]

Mobile T1644 Out of Band Data

RCSAndroid can use SMS for command and control.[1]

Mobile T1636 .004 Protected User Data: SMS Messages

RCSAndroid can collect SMS, MMS, and Gmail messages.[1]

Mobile T1409 Stored Application Data

RCSAndroid can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.[1]

Mobile T1512 Video Capture

RCSAndroid can capture photos using the front and back cameras.[1]