| Field | Value |
|---|---|
| Names | Desert Scorpion |
| Category | Malware |
| Type | Reconnaissance, Backdoor, Info stealer, Exfiltration |
| Information | <https://blog.lookout.com/desert-scorpion-google-play> |

Description (Lookout): The malicious capabilities observed in the second stage include the following:

- Upload attacker-specified files to C2 servers
- Get list of installed applications
- Get device metadata
- Inspect itself to get a list of launchable activities
- Retrieve PDF, txt, doc, xls, xlsx, ppt, pptx files found on external storage
- Send SMS
- Retrieve text messages
- Track device location
- Handle limited attacker commands via out-of-band text messages
- Record surrounding audio
- Record calls
- Record video
- Retrieve account information such as email addresses
- Retrieve contacts
- Remove copies of itself if any additional APKs are downloaded to external storage
- Call an attacker-specified number
- Uninstall apps
- Check if a device is rooted
- Hide its icon
- Retrieve list of files on external storage
- If running on a Huawei device, attempt to add itself to the protected list of apps able to run with the screen off
- Encrypt some exfiltrated data
Last change to this tool card: 19 October 2020
APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Desert Falcons | [Gaza] | 2011-Dec 2020 |

1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)