Alternate Network Mediums
Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.
Procedure Examples
Name | Description |
---|---|
Android/Chuli.A | Android/Chuli.A used SMS to receive command and control messages.[1] |
Desert Scorpion | Desert Scorpion can be controlled using SMS messages.[2] |
Gustuff | Gustuff can use SMS for command and control from a defined admin phone number.[3] |
Monokle | Monokle can be controlled via email and SMS/phone call from a set of "control phones."[4] |
Pegasus for Android | Pegasus for Android uses SMS for command and control.[5] |
Pegasus for iOS | Pegasus for iOS uses SMS for command and control.[6] |
RCSAndroid | RCSAndroid can use SMS for command and control.[7] |
Rotexy | |
Skygofree | |
SpyDealer | SpyDealer enables remote control of the victim through SMS channels.[10] |
Stealth Mango | Stealth Mango uses commands received from text messages for C2.[11] |
TrickMo | |
Mitigations
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
References
1. Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.
2. A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.
3. Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia. Retrieved September 3, 2019.
4. Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.
5. Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.
6. Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.
7. Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.
8. T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.
9. Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.
10. Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.
11. Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.
12. P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.