Tangelo

Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. ^[1]

ID: S0329

ⓘ

Type: MALWARE

ⓘ

Platforms: iOS

Version: 1.2

Created: 17 October 2018

Last Modified: 24 October 2022

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1429		Audio Capture	Tangelo contains functionality to record calls as well as the victim device's environment.^[1]
Mobile	T1533		Data from Local System	Tangelo accesses browser history, pictures, and videos.^[1]
Mobile	T1430		Location Tracking	Tangelo contains functionality to gather GPS coordinates.^[1]
Mobile	T1636	.002	Protected User Data: Call Log	Tangelo contains functionality to gather call logs.^[1]
		.004	Protected User Data: SMS Messages	Tangelo contains functionality to gather SMS messages.^[1]
Mobile	T1409		Stored Application Data	Tangelo accesses databases from WhatsApp, Viber, Skype, and Line.^[1]
Mobile	T1422		System Network Configuration Discovery	Tangelo contains functionality to gather cellular IDs.^[1]

References

Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.

Tangelo

Mobile Layer

Techniques Used

References