Conceal Multimedia Files - T1628.003 (ea132c68-b518-4478-ae8d-1763cda26ee3)
Adversaries may attempt to hide multimedia files from the user. By doing so, adversaries may conceal captured files, such as pictures, videos and/or screenshots, then later exfiltrate those files.
Specific to Android devices, if the .nomedia file is present in a folder, multimedia files in that folder will not be visible to the user in the Gallery application. Additionally, other applications are asked not to scan the folder with the .nomedia file, effectively making the folder appear invisible to the user.
This technique is often used by stalkerware and spyware applications.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Conceal Multimedia Files - T1628.003 (ea132c68-b518-4478-ae8d-1763cda26ee3) | Attack Pattern | 1 |