TianySpy

TianySpy is a mobile malware primarily spread by SMS phishing between September 30 and October 12, 2021. TianySpy is believed to have targeted credentials associated with membership websites of major Japanese telecommunication services.^[1]

ID: S1056

ⓘ

Type: MALWARE

ⓘ

Platforms: Android, iOS

Version: 1.0

Created: 19 January 2023

Last Modified: 29 March 2023

Techniques Used

Domain	ID		Name	Use
Mobile	T1623		Command and Scripting Interpreter	TianySpy can steal information via malicious JavaScript.^[1]
Mobile	T1639		Exfiltration Over Alternative Protocol	TianySpy can exfiltrate collected user data, including credentials and authorized cookies, via email.^[1]
Mobile	T1417	.002	Input Capture: GUI Input Capture	TianySpy can utilize WebViews to display fake authentication pages that capture user credentials.^[1]
Mobile	T1406		Obfuscated Files or Information	TianySpy has encrypted C2 details, email addresses, and passwords.^[1]
Mobile	T1632	.001	Subvert Trust Controls: Code Signing Policy Modification	TianySpy can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.^[1]
Mobile	T1426		System Information Discovery	TianySpy can gather device UDIDs.^[1]
Mobile	T1422		System Network Configuration Discovery	TianySpy can check to see if Wi-Fi is enabled.^[1]
		.001	Internet Connection Discovery	TianySpy can check to see if WiFi is enabled.^[1]
		.002	Wi-Fi Discovery	TianySpy can check to see if Wi-Fi is enabled.^[1]

References

Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.

TianySpy

Mobile Layer

Techniques Used

References