The sub-techniques beta is now live! Read the release blog post for more info.


Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. [1]

ID: S0329
Platforms: iOS
Version: 1.2
Created: 17 October 2018
Last Modified: 10 October 2019

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log

Tangelo contains functionality to gather call logs.[1]

Mobile T1409 Access Stored Application Data

Tangelo accesses databases from WhatsApp, Viber, Skype, and Line.[1]

Mobile T1429 Capture Audio

Tangelo contains functionality to record calls as well as the victim device's environment.[1]

Mobile T1412 Capture SMS Messages

Tangelo contains functionality to gather SMS messages.[1]

Mobile T1533 Data from Local System

Tangelo accesses browser history, pictures, and videos.[1]

Mobile T1430 Location Tracking

Tangelo contains functionality to gather GPS coordinates.[1]

Mobile T1422 System Network Configuration Discovery

Tangelo contains functionality to gather cellular IDs.[1]