Tangelo

Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices.[1]

ID: S0329
Type: MALWARE
Platforms: iOS
Version: 1.2
Created: 17 October 2018
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1429 Audio Capture

Tangelo contains functionality to record calls as well as the victim device's environment.[1]

Mobile T1533 Data from Local System

Tangelo accesses browser history, pictures, and videos.[1]

Mobile T1430 Location Tracking

Tangelo contains functionality to gather GPS coordinates.[1]

Mobile T1636.002 Protected User Data: Call Log

Tangelo contains functionality to gather call logs.[1]

Mobile T1636.004 Protected User Data: SMS Messages

Tangelo contains functionality to gather SMS messages.[1]

Mobile T1409 Stored Application Data

Tangelo accesses databases from WhatsApp, Viber, Skype, and Line.[1]

Mobile T1422 System Network Configuration Discovery

Tangelo contains functionality to gather cellular IDs.[1]

References