 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: FrozenCell| Names | FrozenCell | |
| Category | Malware | |
| Type | Backdoor, Info stealer, Exfiltration | |
| Description | (Lookout) FrozenCell masquerades as fake updates to chat applications like Facebook, WhatsApp, Messenger, LINE, and LoveChat. We also detected it in apps targeted toward specific Middle Eastern demographics. For example, the actors behind FrozenCell used a spoofed app called Tawjihi 2016, which Jordanian or Palestinian students would ordinarily use during their general secondary examination. Once installed on a device FrozenCell is capable of: • Recording calls • Retrieving generic phone metadata (e.g., cell location, mobile country code, mobile network code) • Geolocating a device • Extracting SMS messages • Retrieving a victim's accounts • Exfiltrating images • Downloading and installing additional applications • Searching for and exfiltrating pdf, doc, docx, ppt, pptx, xls, and xlsx file types • Retrieving contacts | |
| Information | <https://blog.lookout.com/frozencell-mobile-threat> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0577/> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:FrozenCell> | |
Last change to this tool card: 30 December 2022
Download this tool card in JSON format
Previous: FrostyGoop
Next: FRP
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Desert Falcons | [Gaza] | 2011-Oct 2023 |  | ||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |