Names | FrozenCell | |
Category | Malware | |
Type | Backdoor, Info stealer, Exfiltration | |
Description | (Lookout) FrozenCell masquerades as fake updates to chat applications like Facebook, WhatsApp, Messenger, LINE, and LoveChat. We also detected it in apps targeted toward specific Middle Eastern demographics. For example, the actors behind FrozenCell used a spoofed app called Tawjihi 2016, which Jordanian or Palestinian students would ordinarily use during their general secondary examination. Once installed on a device FrozenCell is capable of: • Recording calls • Retrieving generic phone metadata (e.g., cell location, mobile country code, mobile network code) • Geolocating a device • Extracting SMS messages • Retrieving a victim's accounts • Exfiltrating images • Downloading and installing additional applications • Searching for and exfiltrating pdf, doc, docx, ppt, pptx, xls, and xlsx file types • Retrieving contacts | |
Information | <https://blog.lookout.com/frozencell-mobile-threat> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:FrozenCell> |
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Desert Falcons | [Gaza] | 2011-Dec 2020 ![]() | ![]() |
1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1234 | |
![]() |
report@thaicert.or.th | |
![]() |
Download PGP key |