DroidJack is an Android remote access tool that has been observed posing as legitimate applications including the Super Mario Run and Pokemon GO games. [1] [2]

ID: S0320
Platforms: Android
Version: 1.2
Created: 25 October 2017
Last Modified: 20 May 2022

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1429 | Audio Capture | DroidJack is capable of recording device phone calls.[1] |
| Mobile | T1655.001 | Masquerading: Match Legitimate Name or Location | DroidJack included code from the legitimate Pokemon GO app in order to appear identical to the user, but it also included additional malicious code.[2] |
| Mobile | T1636.002 | Protected User Data: Call Log | DroidJack captures call data.[1] |
| Mobile | T1636.004 | Protected User Data: SMS Messages | DroidJack captures SMS data.[1] |
| Mobile | T1512 | Video Capture | DroidJack can capture video using device cameras.[1] |