Remotely Install Application - T1443 (831e3269-da49-48ac-94dc-948008e8fd16)
An adversary with control of a target's Google account can use the Google Play Store's remote installation capability to install apps onto the Android devices associated with the Google account as described in (Citation: Oberheide-RemoteInstall), (Citation: Konoth). However, only applications that are available for download through the Google Play Store can be remotely installed using this technique.
Detection: An EMM/MDM or mobile threat protection solution can identify the presence of unwanted or known insecure or malicious apps on devices.
Platforms: Android
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Deliver Malicious App via Authorized App Store - T1475 (d9db3d46-66ca-44b4-9daa-1ef97cb7465a) | Attack Pattern | Remotely Install Application - T1443 (831e3269-da49-48ac-94dc-948008e8fd16) | Attack Pattern | 1 |