The idea for this blog post came to me during a discussion around some recent research performed by Cisco’s Talos threat research group.
The research was published in the post "Advanced Mobile Malware Campaign in India uses Malicious MDM", authored by Warren Mercer, Paul Rascagneres and Andrew Williams, and in a follow-up post, Part 2, containing additional findings.
In this beautiful piece of research, these guys identified and analyzed an attacker who used a modified open-source Mobile Device Manager (MDM) to control multiple mobile devices and to install modified versions of well-known apps such as WhatsApp and Telegram, gaining access to what would otherwise be private data.