DroidJack

DroidJack is an Android remote access tool that has been observed posing as legitimate applications including the Super Mario Run and Pokemon GO games. [1] [2]

ID: S0320
Type: MALWARE
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log DroidJack captures call data.[1]
Mobile T1412 Capture SMS Messages DroidJack captures SMS data.[1]
Mobile T1429 Microphone or Camera Recordings DroidJack performs call recording and video capturing.[1]
Mobile T1444 Repackaged Application DroidJack included code from the legitimate Pokemon GO app in order to appear identical to the user, but it also included additional malicious code.[2]

References