{
	"id": "ae59f19e-cd68-4f8c-b5d2-c04a1ff7d1e3",
	"created_at": "2026-04-06T01:31:50.835014Z",
	"updated_at": "2026-04-10T03:21:05.496879Z",
	"deleted_at": null,
	"sha1_hash": "7882f2a66bce90f6889ece8c5a8c3ec3df1278e8",
	"title": "ECO-4 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46606,
	"plain_text": "ECO-4 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 01:12:34 UTC\r\nMobile Threat Catalogue\r\nRemote App Installation Exploit\r\nContribute\r\nThreat Category: Mobile OS \u0026 Vendor Infrastructure\r\nID: ECO-4\r\nThreat Description: Remote installation capabilities of app stores can be exploited to install malicious apps on\r\nmobile devices.\r\nThreat Origin\r\nSymantec Internet Security Threat Report 2016 1\r\nExploit Examples\r\nHow I Almost Won Pwn2Own via XSS 2\r\nHow Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication 3\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nMobile Device User\r\nTo prevent an attacker from gaining unauthorized access to remote installation functionality, enable two-factor or\r\nother strong authentication methods for user accounts on app stores.\r\nTo detect unauthorized activity, including remote installation of apps, use features from Google or others to\r\nperiodically analyze account activity for suspicious logins.\r\nEnterprise\r\nTo prevent an attacker from gaining unauthorized access to remote installation functionality, enable two-factor or\r\nother strong authentication methods for user accounts on app stores.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-4.html\r\nPage 1 of 2\n\nTo detect unauthorized activity, including remote installation of apps, use features from Google or others to\r\nperiodically analyze account activity for suspicious logins.\r\nDeploy a combination of MDM, MAM, or container solutions and mobile devices that successfully enforce\r\npolicies (e.g., whitelisting) that prevent unauthorized applications from being installed to managed areas of the\r\ndevice.\r\nTo reduce the time to detection of malicious applications, use app threat intelligence services to identify malicious\r\napps installed on devices.\r\nReferences\r\n1. Internet Security Threat Report vol. 21, Symantec, 2016; https://docs.broadcom.com/doc/istr-16-april-volume-21-en [accessed 8/1/2022] ↩\r\n2. J. Oberheide, “How I Almost Won Pwn2Own via XSS”, 07 Mar. 2011;\r\nhttps://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/ [accessed 8/25/2016] ↩\r\n3. R. Konoth, V. van der Veen et al., “How Anywhere Computing Just Killed Your Phone-Based Two-Factor\r\nAuthentication”, in Proceedings of the 20th Conference on Financial Cryptography and Data Security,\r\n2016; https://vvdveen.com/publications/BAndroid.pdf [accessed 8/1/2022] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-4.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-4.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-4.html"
	],
	"report_names": [
		"ECO-4.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775439110,
	"ts_updated_at": 1775791265,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7882f2a66bce90f6889ece8c5a8c3ec3df1278e8.pdf",
		"text": "https://archive.orkl.eu/7882f2a66bce90f6889ece8c5a8c3ec3df1278e8.txt",
		"img": "https://archive.orkl.eu/7882f2a66bce90f6889ece8c5a8c3ec3df1278e8.jpg"
	}
}