{ "id": "812fb4d2-ceb1-412d-bd53-6311d240dd98", "created_at": "2026-04-06T00:10:04.242232Z", "updated_at": "2026-04-10T03:30:33.495038Z", "deleted_at": null, "sha1_hash": "76e55abd039db7302b5ca096ebe52b647489691b", "title": "APP-43 · Mobile Threat Catalogue", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 33142, "plain_text": "APP-43 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 14:16:23 UTC\r\nMobile Threat Catalogue\r\nMalware Uninstalls Itself\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-43\r\nThreat Description: By abusing root privileges, a malicious application could avoid detection by automatically\r\ndeleting itself (with no user interaction) after executing malicious behaviors. This would reduce the opportunity\r\nfor detection and identification of the malicious activity, which may further prevent or limit the ability for a victim\r\nto recover from the attack.\r\nThreat Origin\r\nAn investigation of Chrysaor Malware on Android 1\r\nExploit Examples\r\nAn investigation of Chrysaor Malware on Android 1\r\nCVE Examples\r\nPossible Countermeasures\r\nEnterprise\r\nTo help reduce the opportunity for attack following availability of patches, ensure timely installation of mobile OS\r\nsecurity updates.\r\nOn Android devices, to prevent an attacker from remotely installing malicious applications from unknown\r\nsources, ensure Security \u003e Unknown Sources is turned off; an enterprise can deploy EMM solutions that enforce a\r\npolicy to never permit the installation of apps from unknown sources.\r\nTo decrease the time-to-detection following the installation of a malicious app, deploy on-device agents that\r\nautomatically detect the installation of any app and initiate either local (on-device) or remote processes for\r\ndetection and identification of malware and potentially-harmful applications.\r\nMobile Device User\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-43.html\r\nPage 1 of 2\n\nTo help reduce the opportunity for attack following availability of patches, ensure timely installation of mobile OS\r\nsecurity updates.\r\nTo reduce the potential of installing malicious applications, download public apps directly from an official app\r\nstore (e.g., Google Play, iTunes Store).\r\nOn Android devices, to prevent an attacker from remotely installing malicious applications from unknown\r\nsources, ensure Security \u003e Unknown Sources is turned off; an enterprise can deploy EMM solutions that enforce a\r\npolicy to never permit the installation of apps from unknown sources.\r\nTo decrease the time-to-detection following the installation of a malicious app, deploy on-device agents that\r\nautomatically detect the installation of any app and initiate either local (on-device) or remote processes for\r\ndetection and identification of malware and potentially-harmful applications.\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-43.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-43.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-43.html" ], "report_names": [ "APP-43.html" ], "threat_actors": [ { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-10T02:00:05.273746Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434204, "ts_updated_at": 1775791833, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/76e55abd039db7302b5ca096ebe52b647489691b.pdf", "text": "https://archive.orkl.eu/76e55abd039db7302b5ca096ebe52b647489691b.txt", "img": "https://archive.orkl.eu/76e55abd039db7302b5ca096ebe52b647489691b.jpg" } }