{
	"id": "beb3a424-7323-4e03-b270-2f80895719b9",
	"created_at": "2026-04-06T00:08:10.795414Z",
	"updated_at": "2026-04-10T13:11:50.675543Z",
	"deleted_at": null,
	"sha1_hash": "3c3ac6e60ba6ff67565083c4ed9df5ebc370bac9",
	"title": "APP-28 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40453,
	"plain_text": "APP-28 · Mobile Threat Catalogue\r\nArchived: 2026-04-02 10:45:29 UTC\r\nMobile Threat Catalogue\r\nEncrypting and Ransoming Files\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-28\r\nThreat Description: A malicious app with permission to modify files or data stored in shared locations, such as\r\nexternal media or contacts could potentially overwrite an original file or data object with an encoded or encrypted\r\none. The attacker could then demand some form of payment in exchange for returning randomed data to a usable\r\nstate.\r\nThreat Origin\r\nNot Applicable, See Exploit or CVE Examples\r\nExploit Examples\r\nNew Android Trojan xBot Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom 1\r\nCVE Examples\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nUse application threat intelligence data about apps that maliciously encrypt user data.\r\nUse app-vetting tools or services to identify apps that maliciously encrypt user data.\r\nMobile Device User\r\nUse Android Verify Apps feature to identify potentially harmful apps.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html\r\nPage 1 of 2\n\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html"
	],
	"report_names": [
		"APP-28.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434090,
	"ts_updated_at": 1775826710,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3c3ac6e60ba6ff67565083c4ed9df5ebc370bac9.pdf",
		"text": "https://archive.orkl.eu/3c3ac6e60ba6ff67565083c4ed9df5ebc370bac9.txt",
		"img": "https://archive.orkl.eu/3c3ac6e60ba6ff67565083c4ed9df5ebc370bac9.jpg"
	}
}