T1663: Remote Access Software
Essential information
- MITRE technique ID
T1663- Confidence
- 100/100
- Revoked
- No
- Published
- 25/09/2023 21:53
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Platforms
android iOS
Description
Adversaries may use legitimate remote access software, such as `VNC`, `TeamViewer`, `AirDroid`, `AirMirror`, etc., to establish an interactive command and control channel to target mobile devices.
Remote access applications may be installed and used post-compromise as an alternate communication channel for redundant access or as a way to establish an interactive remote session with the target device. They may also be used as a component of malware to establish a reverse connection to an adversary-controlled system or service. Installation of remote access tools may also include persistence.
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | command-and-control |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.