1. Home
  2. Techniques
  3. Mobile
  4. Account Access Removal

Account Access Removal

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: credentials changed) to remove access to accounts.

ID: T1640
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android
Version: 1.1
Created: 06 April 2022
Last Modified: 24 October 2025
Version Permalink

Procedure Examples

ID Name Description
S0407 Monokle

Monokle can reset the user's password/PIN.[1]

Mitigations

ID Mitigation Description
M1011 User Guidance

Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.

Detection Strategy

ID Name Analytic ID Analytic Description
DET0605 Detection of Account Access Removal AN1655

Application vetting services could closely scrutinize applications that request Device Administrator permissions.

References

  1. Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.