{ "id": "03c8bb09-3a3b-4081-bf79-9cec792d00da", "created_at": "2026-04-06T00:18:40.118854Z", "updated_at": "2026-04-10T13:11:22.7806Z", "deleted_at": null, "sha1_hash": "d7444a14176c668d9c03cadb9896646132fdcb2b", "title": "ECO-22 · Mobile Threat Catalogue", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 46736, "plain_text": "ECO-22 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 22:40:08 UTC\r\nMobile Threat Catalogue\r\nApp Store Vetting Bypass\r\nContribute\r\nThreat Category: Mobile Application Store\r\nID: ECO-22\r\nThreat Description: Applications that can bypass app store’s analysis or vetting techniques can implant malware in a\r\nlegitimate app store.\r\nThreat Origin\r\nResearchers Find Methods for Bypassing Google’s Bouncer Android Security 1\r\nExploit Examples\r\nDissecting the Android Bouncer 2\r\nAdventures in Bouncerland 3\r\nMalware designed to take over cameras and record audio enters Google Play 4\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nUse app-vetting tools or services to determine that apps appear free of malicious behaviors or vulnerabilities prior to\r\nauthorizing their use.\r\nTo decrease the time to detection for malicious apps, use app threat intelligence services to detect malicious apps installed\r\non devices\r\nEducate end users to scrutinize the permissions requested by apps, particularly if an updated version requests significantly\r\ndifferent permissions than previous ones.\r\nMobile Device User\r\nTo decrease the time to detection for malicious apps on Android devices, use Android Verify Apps feature.\r\nReferences\r\nhttps://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html\r\nPage 1 of 2\n\n1. D. Fisher, “Researchers Find Methods for Bypassing Google’s Bouncer Android Security,” blog, 4 June 2012;\r\nhttps://threatpost.com/researchers-find-methods-bypassing-googles-bouncer-android-security-060412/76643/ ↩\r\n2. J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012.\r\nhttps://jon.oberheide.org/files/summercon12-bouncer.pdf [accessed 8/25/16] ↩\r\n3. N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012.\r\nhttps://ia601905.us.archive.org/4/items/blackhat2012usaslides/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf\r\n[accessed 7/27/22] ↩\r\n4. D. Goodin, “Malware designed to take over cameras and record audio enters Google Play”, Ars Technica, 7 Mar.\r\n2014; http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/ [accessed 8/25/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "origins": [ "web" ], "references": [ "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html" ], "report_names": [ "ECO-22.html" ], "threat_actors": [ { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-10T02:00:05.273746Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434720, "ts_updated_at": 1775826682, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/d7444a14176c668d9c03cadb9896646132fdcb2b.pdf", "text": "https://archive.orkl.eu/d7444a14176c668d9c03cadb9896646132fdcb2b.txt", "img": "https://archive.orkl.eu/d7444a14176c668d9c03cadb9896646132fdcb2b.jpg" } }