Desert Scorpion

Description

(Lookout) The malicious capabilities observed in the second stage include the following:

  • Upload attacker-specified files to C2 servers
  • Get list of installed applications
  • Get device metadata
  • Inspect itself to get a list of launchable activities
  • Retrieve PDF, txt, doc, xls, xlsx, ppt, pptx files found on external storage
  • Send SMS
  • Retrieve text messages
  • Track device location
  • Handle limited attacker commands via out-of-band text messages
  • Record surrounding audio
  • Record calls
  • Record video
  • Retrieve account information such as email addresses
  • Retrieve contacts
  • Remove copies of itself if any additional APKs are downloaded to external storage
  • Call an attacker-specified number
  • Uninstall apps
  • Check if a device is rooted
  • Hide its icon
  • Retrieve list of files on external storage
  • If running on a Huawei device, attempt to add itself to the protected list of apps able to run with the screen off
  • Encrypt some exfiltrated data

Names

Name
Desert Scorpion

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer
  • Exfiltration

Information

Mitre Attack

Other Information

Uuid

98d061ee-cea8-4987-9ae5-554d09404413

Last Card Change

2022-12-30