MobileOrder

Malware Profile Updated 24 days ago
MobileOrder is an Android Trojan that Unit 42 attributes to the Scarlet Mimic espionage group. On installation it asks to be registered as a device administrator; while that privilege is held, Android will not let the user uninstall the app through the normal settings, so it must first be stripped of its device-administrator rights. The Trojan communicates with its command-and-control (C2) server over TCP port 3728 and receives instructions referred to as "orders", each of which maps to one of a sizeable set of built-in commands, giving the operator broad control of the device. Its functionality resembles that of other mobile Trojans, but Unit 42's analysis found characteristics unique to MobileOrder. Its C2 infrastructure overlaps substantially with that of the FakeM, Psylo, Elirks and CallMe Trojans: the families share domain names and/or domains that resolve to the same IP addresses, which points to a shared origin or a common operator. The link between FakeM, Psylo and MobileOrder in particular ties the mobile Trojan to Scarlet Mimic, and shows the group extending its operations from PCs to mobile devices. Unit 42 has tracked MobileOrder because of its potential for data theft from targeted individuals, and it is an early example of an espionage actor moving tooling onto mobile platforms; as these devices carry more personal and professional data, defenders need detection and response coverage for them as well.
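The profile makes two detection-relevant points: a fixed C2 port (TCP/3728) and the inference that families sharing domains or IP resolutions likely share an operator. The script below, an added example that is not code from Unit 42 or from this profile, shows both as a practitioner would implement them: flagging TCP/3728 connections in Zeek-style conn.log records, and clustering malware families by shared infrastructure. All hosts, domains and IP addresses are constructed placeholders (RFC 5737 ranges and example.* domains), not real indicators; the function names are this example's own.

```python
"""Detection and infrastructure-pivot helpers illustrating the MobileOrder profile.

Added example, not Unit 42's or the profile page's code. Every indicator here is
constructed for illustration (RFC 5737 documentation IPs, example.* domains).
"""
from collections import defaultdict
from itertools import combinations

# Constructed Zeek-style conn.log subset: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1452000001.100\t10.0.0.21\t41022\t198.51.100.7\t3728\ttcp
1452000002.200\t10.0.0.22\t51234\t203.0.113.9\t443\ttcp
1452000003.300\t10.0.0.21\t41023\t198.51.100.7\t3728\ttcp
1452000004.400\t10.0.0.23\t53412\t198.51.100.8\t3728\tudp
"""

MOBILEORDER_C2_PORT = 3728  # per the profile: "orders" arrive over TCP/3728


def flag_c2_candidates(conn_log: str, port: int = MOBILEORDER_C2_PORT):
    """Return unique (orig_h, resp_h) pairs with a TCP connection to the C2 port.

    Only TCP is matched: the profile states the port is used over TCP, so the
    UDP record on the same port is left alone rather than reported.
    """
    hits = set()
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # truncated record; skip instead of guessing
        _ts, orig_h, _orig_p, resp_h, resp_p, proto = fields[:6]
        if proto == "tcp" and int(resp_p) == port:
            hits.add((orig_h, resp_h))
    return sorted(hits)


# Constructed passive-DNS style records: (family, domain, resolved_ip).
# Names mirror the families the profile says overlap; the data does not.
SAMPLE_PDNS = [
    ("MobileOrder", "update-svc.example.net", "198.51.100.7"),
    ("FakeM",       "update-svc.example.net", "198.51.100.7"),
    ("Psylo",       "mail-sync.example.org",  "198.51.100.7"),
    ("Elirks",      "cdn-static.example.com", "203.0.113.50"),
    ("CallMe",      "cdn-static.example.com", "203.0.113.51"),
    ("Unrelated",   "news.example.edu",       "192.0.2.1"),
]


def infrastructure_overlap(records):
    """Map each pair of families to the domains and IPs they have in common."""
    domains_by_family = defaultdict(set)
    ips_by_family = defaultdict(set)
    for family, domain, ip in records:
        domains_by_family[family].add(domain)
        ips_by_family[family].add(ip)
    overlap = {}
    for a, b in combinations(sorted(domains_by_family), 2):
        shared_domains = domains_by_family[a] & domains_by_family[b]
        shared_ips = ips_by_family[a] & ips_by_family[b]
        if shared_domains or shared_ips:
            overlap[(a, b)] = {"domains": sorted(shared_domains), "ips": sorted(shared_ips)}
    return overlap


def cluster_families(records):
    """Group families into connected components of the shared-infrastructure graph.

    Two families are linked if infrastructure_overlap() reports any shared
    domain or IP; a chain of such links puts them in one cluster.
    """
    adjacency = defaultdict(set)
    for a, b in infrastructure_overlap(records):
        adjacency[a].add(b)
        adjacency[b].add(a)
    families = sorted({record[0] for record in records})
    seen, clusters = set(), []
    for family in families:
        if family in seen:
            continue
        component, stack = set(), [family]
        while stack:  # depth-first walk of one component
            node = stack.pop()
            if node in component:
                continue
            component.add(node)
            stack.extend(adjacency[node] - component)
        seen |= component
        clusters.append(sorted(component))
    return clusters


if __name__ == "__main__":
    print("C2 candidates:", flag_c2_candidates(SAMPLE_CONN_LOG))
    for pair, shared in infrastructure_overlap(SAMPLE_PDNS).items():
        print(pair, shared)
    print("clusters:", cluster_families(SAMPLE_PDNS))
```

On the constructed data the clustering reproduces the profile's reasoning: MobileOrder, FakeM and Psylo fall into one cluster through a shared domain and a shared IP, Elirks and CallMe into another through a shared domain. Treat IP-only overlap as a pivot rather than proof: shared hosting, sinkholes and CDN front ends put unrelated families on the same address, so a shared domain or a shared registrant is far stronger evidence of a common operator than a shared IP.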
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
No aliases listed.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware: no associations to display
Associated Threat Actors: no associations to display
Associated Vulnerabilities: no associations to display
Source Document References
Information about the MobileOrder Malware was read from the documents corpus below. This display is limited to 20 results.
MITRE (a year ago): Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists