Register to stream ATT&CKcon 2.0 October 29-30

Stealth Mango

Stealth Mango is Android malware that has reportedly been used to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. The iOS malware known as Tangelo is believed to be from the same developer. [1]

ID: S0328
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1435 Access Calendar Entries Stealth Mango uploads calendar events and reminders. [1]
Mobile T1433 Access Call Log Stealth Mango uploads call logs. [1]
Mobile T1432 Access Contact List Stealth Mango uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others. [1]
Mobile T1409 Access Sensitive Data or Credentials in Files Stealth Mango exfiltrated data, including sensitive letters/documents, stored photos, and stored audio files. [1]
Mobile T1438 Alternate Network Mediums Stealth Mango uses commands received from text messages for C2. [1]
Mobile T1418 Application Discovery Stealth Mango uploads information about installed packages. [1]
Mobile T1412 Capture SMS Messages Stealth Mango uploads SMS logs and deletes incoming messages from specified numbers, including those that contain particular strings. [1]
Mobile T1456 Drive-by Compromise Stealth Mango is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger. [1]
Mobile T1430 Location Tracking Stealth Mango can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received. [1]
Mobile T1429 Microphone or Camera Recordings Stealth Mango can record from the camera or microphone as well as take photos from the front and back cameras. [1]
Mobile T1474 Supply Chain Compromise Stealth Mango in at least one case may have been installed using physical access to the device by a repair shop. [1]
Mobile T1422 System Network Configuration Discovery Stealth Mango uploads information about changes in SIM card or phone numbers on the device. [1]