Foreground Persistence (T1541)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Foreground Persistence

Associated Tactics

  • Defense Evasion
  • Persistence

Defense Evasion (TA0030)

The adversary is trying to avoid being detected. Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. Defense evasion may be considered a set of attributes the adversary applies to all other phases of the operation.

View on ATT&CK

Procedure Examples

Description Source(s)
Google. (n.d.). Sensors Overview. Retrieved November 19, 2019. Android-SensorsOverview
Google. (n.d.). Services overview. Retrieved November 19, 2019. Android-ForegroundServices
Song Wang. (2019, October 18). Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing. Retrieved November 19, 2019. TrendMicro-Yellow Camera
Thomas Sutter. (2019, December). Simple Spyware Androids Invisible Foreground Services and How to (Ab)use Them. Retrieved December 26, 2019. BlackHat Sutter Android Foreground 2019
NIST Mobile Threat Catalogue