The sub-techniques beta is now live! Read the release blog post for more info.


DroidJack is an Android remote access tool that has been observed posing as legitimate applications including the Super Mario Run and Pokemon GO games. [1] [2]

ID: S0320
Platforms: Android
Version: 1.2
Created: 25 October 2017
Last Modified: 09 August 2019

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log

DroidJack captures call data.[1]

Mobile T1429 Capture Audio

DroidJack is capable of recording device phone calls.[1]

Mobile T1512 Capture Camera

DroidJack can capture video using device cameras.[1]

Mobile T1412 Capture SMS Messages

DroidJack captures SMS data.[1]

Mobile T1444 Masquerade as Legitimate Application

DroidJack included code from the legitimate Pokemon GO app in order to appear identical to the user, but it also included additional malicious code.[2]