Delete Device Data

An adversary could wipe the entire device contents or delete specific files. A malicious application could obtain and abuse Android device administrator access to wipe the entire device.[1] Access to external storage directories or escalated privileges could be used to delete individual files.

ID: T1447
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android
Version: 2.0
Created: 25 October 2017
Last Modified: 25 September 2019

Procedure Examples

Name Description
Agent Smith

Agent Smith deletes infected applications’ update packages when they are detected on the system, preventing updates.[7]

FlexiSpy

FlexiSpy can delete data from a compromised device.[2]

GolfSpy

GolfSpy can delete arbitrary files on the device.[6]

Monokle

Monokle can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.[4]

Pallas

Pallas has the ability to delete attacker-specified files from compromised devices.[3]

ViceLeaker

ViceLeaker can delete arbitrary files from the device.[5]

Mitigations

Mitigation Description
Caution with Device Administrator Access

References