TianySpy is a mobile malware primarily spread by SMS phishing between September 30 and October 12, 2021. TianySpy is believed to have targeted credentials associated with membership websites of major Japanese telecommunication services.[1]

ID: S1056
Platforms: Android, iOS
Version: 1.0
Created: 19 January 2023
Last Modified: 29 March 2023

Techniques Used

Domain ID Name Use
Mobile T1623 Command and Scripting Interpreter

TianySpy can steal information via malicious JavaScript.[1]

Mobile T1639 Exfiltration Over Alternative Protocol

TianySpy can exfiltrate collected user data, including credentials and authorized cookies, via email.[1]

Mobile T1417 .002 Input Capture: GUI Input Capture

TianySpy can utilize WebViews to display fake authentication pages that capture user credentials.[1]

Mobile T1406 Obfuscated Files or Information

TianySpy has encrypted C2 details, email addresses, and passwords.[1]

Mobile T1632 .001 Subvert Trust Controls: Code Signing Policy Modification

TianySpy can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.[1]

Mobile T1426 System Information Discovery

TianySpy can gather device UDIDs.[1]

Mobile T1422 System Network Configuration Discovery

TianySpy can check to see if Wi-Fi is enabled.[1]

.001 Internet Connection Discovery

TianySpy can check to see if WiFi is enabled.[1]

.002 Wi-Fi Discovery

TianySpy can check to see if Wi-Fi is enabled.[1]