All Articles

Stealth Mango and the Prevalence of Mobile Surveillanceware (Black Hat Conference 2018)

Posted by Shubham Gupta on September 30, 2018 at 7:43pm

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries with some directly impacting Western interests. Our research indicates this capability has been created by freelance developers who primarily release commodity spouse-ware but moonlight by selling their own custom surveillanceware to state actors. One such state actor has been observed deploying Stealth Mango and this presentation will unveil the depth and breadth of their campaigns, detailing not only how we watched them grow and develop, test, QA, and deploy their offensive tooling, but also how operation security mistakes ultimately led to their attribution.

Speakers

Andrew Blaich

Andrew Blaich is a security researcher and the head of device intelligence at Lookout where he is focused on threat hunting and vulnerability research. Andrew has presented on several surveillanceware actors including Pegasus, Chrysaor, and Dark Caracal. Prior to Lookout, Andrew was the Lead Security Analyst at Bluebox Security. He holds a PhD in computer science, and engineering from the University of Notre Dame in enterprise security and wireless networking. Andrew has presented at conferences including Black Hat, SAS, RSA, ACSC, and ShmooCon. In his free time, he loves to run.

Michael Flossman

Michael Flossman is the Head of Lookout's Threat Intelligence services where he is responsible for discovering and analyzing sophisticated mobile threats being deployed in targeted attacks. He has recently worked on multiple high profile investigations that have involved tracking and writing about the evolution and deployment of surveillanceware tools like Pegasus, ViperRAT, FrozenCell, Dark Caracal, StealthMango, JadeRAT, and Tangelo to name but a few. His background is in security assessments, pen-testing, reverse engineering, prototyping, incident response, and vulnerability research.

Detailed Presentation:

(Source: Black Hat USA 2018, Las Vegas)

8669820464?profile=original

 

Views: 138
E-mail me when people leave their comments –
Follow

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

City Round Table Meetup - Mumbai, Bangalore, Delhi, Chennai, Pune, Kolkata

Apr 15, 2025 at 8:00am to May 15, 2025 at 10:00am
India
  • Description:
    CISO Playbook Round Table Overview : 
    Our round tables are designed to bring together top CISOs and IT leaders in intimate, focused sessions. These closed-door discussions will provide a platform to explore key security challenges and solutions. These sessions aim to create a focused, closed-door environment where 08-10 CISOs will dive deeply into the practicalities of implementing specific technologies.
    • Technology Implementation: From…
  • Created by: Biswajit Banerjee
  • Tags: ciso, playbook, round table

CISO Cocktail Reception At RSAConference USA, San Francisco 2025 !

Apr 29, 2025 from 5:45pm to 9:00pm
San Francisco, America
  • Description:

    We are excited to invite you to the CISO Cocktail Reception if you are there at the RSA Conference USA, San Francisco 2025. It will be hosted aboard a private yacht, so that our CISO's can enjoy the beautiful San Francisco skyline while cruising the Bay Area! This event is organized by EC-Council with CISOPlatform and FireCompass as proud community partners. 

    Yacht Party…

  • Created by: Biswajit Banerjee
  • Tags: ciso, usa, san francisco, rsaconference 2025

Round Table Dubai 2025 | GISEC

May 8, 2025 from 6:00pm to 9:00pm
Dubai
  • Description:
    CISO Playbook Round Table Overview : 

    Our round tables are designed to bring together top CISOs and IT leaders in intimate, focused sessions. These closed-door discussions will provide a platform to explore key security challenges and solutions. These sessions aim to create a focused, closed-door environment where 08-10 CISOs will dive deeply into the practicalities of implementing specific technologies.
    • Technology…
  • Created by: Biswajit Banerjee

CISO Platform: CISO 100 Awards & Future CISO Awards | In association with EC Council

Oct 1, 2025 at 9:00am to Oct 2, 2025 at 3:00pm
Renaissance Atlanta Waverly Hotel & Convention Center
  • Description:

    Nominate for the CISOPlatform CISO 100 Awards & Future CISO Awards - Recognizing Cybersecurity Leaders. Recommend someone you know deserving of this prestigious accolade....Nominate your colleague, mentor, someone you admire or yourself !

    For more details: Click Here…

  • Created by: Biswajit Banerjee