Common Information
| Type | Value |
|---|---|
| Value |
Device Administrator Permissions - T1626.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may abuse Android’s device administration API to obtain a higher degree of control over the device. By abusing the API, adversaries can perform several nefarious actions, such as resetting the device’s password for [Endpoint Denial of Service](https://attack.mitre.org/techniques/T1642), factory resetting the device for [File Deletion](https://attack.mitre.org/techniques/T1630/002) and to delete any traces of the malware, disabling all the device’s cameras, or to make it more difficult to uninstall the app. Device administrators must be approved by the user at runtime, with a system popup showing which actions have been requested by the app. In conjunction with other techniques, such as [Input Injection](https://attack.mitre.org/techniques/T1516), an app can programmatically grant itself administrator permissions without any user input. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-10-30 | 154 | Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T. | ||
| Details | Website | 2024-08-01 | 34 | BlankBot - a new Android banking trojan with screen recording,… | ||
| Details | Website | 2022-10-25 | 27 | ERMAC 2.0 Evades MFA to Steal Banking Credentials of Over 400 Android Apps | ||
| Details | Website | 2022-03-16 | 92 | Avira Labs Research Reveals Hydra Banking Trojan 2.0 targeting a wider network of German and Austrian banks | ||
| Details | Website | 2017-12-19 | 0 | Lo lo lo Loapi Trojan could break your Android | Malwarebytes Labs | ||
| Details | Website | 2017-12-18 | 75 | Jack of all trades | ||
| Details | Website | 2017-08-28 | 9 | The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack |