SpyDealer is Android malware that exfiltrates sensitive data from Android devices. [1]

ID: S0324
Platforms: Android

Version: 1.1

Techniques Used

Domain | ID | Name | Use
Mobile | T1453 | Abuse Accessibility Features | SpyDealer abuses Android Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ. [1]
Mobile | T1433 | Access Call Log | SpyDealer harvests phone call history from victims. [1]
Mobile | T1432 | Access Contact List | SpyDealer harvests contact lists from victims. [1]
Mobile | T1409 | Access Sensitive Data or Credentials in Files | SpyDealer exfiltrates data from over 40 apps, including WeChat, Facebook, WhatsApp, and Skype. [1]
Mobile | T1438 | Alternate Network Mediums | SpyDealer accepts remote-control commands over SMS. [1]
Mobile | T1402 | App Auto-Start at Device Boot | SpyDealer registers a broadcast receiver that listens for device boot-up events. [1]
Mobile | T1412 | Capture SMS Messages | SpyDealer harvests SMS and MMS messages from victims. [1]
Mobile | T1407 | Download New Code at Runtime | SpyDealer downloads and executes root exploits from a remote server. [1]
Mobile | T1404 | Exploit OS Vulnerability | SpyDealer uses the commercial rooting app Baidu Easy Root to gain root privileges and maintain persistence on the victim device. [1]
Mobile | T1430 | Location Tracking | SpyDealer harvests location data from victims. [1]
Mobile | T1429 | Microphone or Camera Recordings | SpyDealer can record phone calls and surrounding audio and video, and take photos with the front and rear cameras. [1]
Mobile | T1400 | Modify System Partition | SpyDealer maintains persistence by installing an Android application package (APK) on the system partition. [1]
Mobile | T1422 | System Network Configuration Discovery | SpyDealer harvests the phone number, IMEI, and IMSI. [1]
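Several of the behaviours in the table leave static traces in an app's manifest: the boot receiver (T1402), an accessibility service (T1453), and the permissions that gate call-log, contact, SMS, location, microphone/camera and telephony-identifier access (T1433, T1432, T1412, T1430, T1429, T1422). The script below is an added triage example written for this page; it is not code from the ATT&CK entry or from the cited report, and the permission-to-technique mapping is the editor's own heuristic built from the table above. The two manifests are constructed samples, not SpyDealer's real manifest. Real APKs ship a binary manifest, so decode it first (for example with apktool or androguard) and pass the XML text to triage_manifest(). Rooting, runtime code download, system-partition writes and SMS command handling (T1404, T1407, T1400, T1438) need dynamic analysis and are out of scope here; a declared permission also shows capability, not proof of abuse.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Editor's heuristic mapping: permission -> (technique ID, name) from the table above.
PERMISSION_TECHNIQUES = {
    "android.permission.READ_CALL_LOG": ("T1433", "Access Call Log"),
    "android.permission.READ_CONTACTS": ("T1432", "Access Contact List"),
    "android.permission.READ_SMS": ("T1412", "Capture SMS Messages"),
    "android.permission.RECEIVE_SMS": ("T1412", "Capture SMS Messages"),
    "android.permission.RECEIVE_MMS": ("T1412", "Capture SMS Messages"),
    "android.permission.ACCESS_FINE_LOCATION": ("T1430", "Location Tracking"),
    "android.permission.ACCESS_COARSE_LOCATION": ("T1430", "Location Tracking"),
    "android.permission.RECORD_AUDIO": ("T1429", "Microphone or Camera Recordings"),
    "android.permission.CAMERA": ("T1429", "Microphone or Camera Recordings"),
    # Phone number, IMEI and IMSI come from TelephonyManager, gated by READ_PHONE_STATE.
    "android.permission.READ_PHONE_STATE": ("T1422", "System Network Configuration Discovery"),
}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml):
    """Return {technique_id: {"name": ..., "evidence": [...]}} for indicators found."""
    root = ET.fromstring(manifest_xml)
    findings = {}

    def add(tid, name, evidence):
        findings.setdefault(tid, {"name": name, "evidence": []})["evidence"].append(evidence)

    # Declared permissions map to the data-access and recording techniques.
    for perm in root.iter("uses-permission"):
        pname = perm.get(ANDROID_NS + "name")
        if pname in PERMISSION_TECHNIQUES:
            tid, tname = PERMISSION_TECHNIQUES[pname]
            add(tid, tname, pname)

    # A receiver filtering on BOOT_COMPLETED is the auto-start hook (T1402).
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(ANDROID_NS + "name") == BOOT_ACTION:
                add("T1402", "App Auto-Start at Device Boot",
                    f"receiver {receiver.get(ANDROID_NS + 'name')} on {BOOT_ACTION}")

    # A service guarded by BIND_ACCESSIBILITY_SERVICE can read other apps' UI text (T1453).
    for service in root.iter("service"):
        if service.get(ANDROID_NS + "permission") == A11Y_PERMISSION:
            add("T1453", "Abuse Accessibility Features",
                f"accessibility service {service.get(ANDROID_NS + 'name')}")
    return findings


def matched_technique_ids(manifest_xml):
    """Sorted technique IDs, for comparison against the Techniques Used table."""
    return sorted(triage_manifest(manifest_xml))


# Constructed sample resembling the declarations described above (not the real malware).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed benign control: network access only, no spyware indicators.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

if __name__ == "__main__":
    for tid, info in sorted(triage_manifest(SAMPLE_MANIFEST).items()):
        print(tid, info["name"], "<-", ", ".join(info["evidence"]))
    print("benign:", matched_technique_ids(BENIGN_MANIFEST))
```

Run it against the decoded manifest of any APK under analysis; a sample that trips most of the table at once, as the constructed manifest does, warrants the dynamic checks the static pass cannot perform.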