Common Information
Type | Value |
---|---|
Value | Deliver Malicious App via Other Means - T1476 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Malicious applications are a common attack vector used by adversaries to gain a presence on mobile devices. This technique describes installing a malicious application on targeted mobile devices without involving an authorized app store (e.g., Google Play Store or Apple App Store). Adversaries may wish to avoid placing malicious applications in an authorized app store due to increased potential risk of detection or other reasons. However, mobile devices are often configured to allow application installation only from an authorized app store, which would prevent this technique from working. Delivery methods for the malicious application include: * [Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001) - Including the mobile app package as an attachment to an email message. * [Spearphishing Link](https://attack.mitre.org/techniques/T1566/002) - Including a link to the mobile app package within an email, text message (e.g. SMS, iMessage, Hangouts, WhatsApp, etc.), web site, QR code, or other means. * Third-Party App Store - Installed from a third-party app store (as opposed to an authorized app store that the device implicitly trusts as part of its default behavior), which may not apply the same level of scrutiny to apps as applied by an authorized app store. (Citation: IBTimes-ThirdParty)(Citation: TrendMicro-RootingMalware)(Citation: TrendMicro-FlappyBird) Some Android malware comes with functionality to install additional applications, either automatically or when the adversary instructs it to. (Citation: android-trojan-steals-paypal-2fa) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-03-14 | 20 | GoatRAT: Android Banking Trojan Variant Targeting Brazilian Banks | ||
Details | Website | 2023-01-26 | 49 | The Godfather Banking Trojan Expands Application Targeting to Affect More Europe-Based Victims | ||
Details | Website | 2022-12-09 | 39 | Threat Actors Targeting Fans Amid FIFA World Cup Fever | ||
Details | Website | 2022-11-15 | 48 | Phishing Campaign Targeting Indonesian BRI Bank Using SMS Stealer | ||
Details | Website | 2022-10-20 | 13 | Domestic Kitten campaign spying on Iranian citizens with new FurBall malware \| WeLiveSecurity | ||
Details | Website | 2022-09-13 | 121 | Phishing Campaign targets Japanese tax payers | ||
Details | Website | 2022-07-13 | 26 | AIRAVAT Malware Targeting Android Users | ||
Details | Website | 2022-03-16 | 92 | Avira Labs Research Reveals Hydra Banking Trojan 2.0 targeting a wider network of German and Austrian banks | ||
Details | Website | 2021-04-08 | 65 | Android apps targeting JIO users in India \| Zscaler Blog | ||
Details | Website | 2020-12-24 | 78 | AridViper Windows Malware Threat Intel Advisory \| Threat Intelligence \| CloudSEK | ||
Details | Website | 2020-06-24 | 11 | New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor \| WeLiveSecurity | ||
Details | Website | 2019-07-10 | 149 | Virus Bulletin :: VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary |