Home
Techniques
Mobile
Account Access Removal

Account Access Removal

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: credentials changed) to remove access to accounts.

ID: T1640

Sub-techniques: No sub-techniques

Tactic Type: Post-Adversary Device Access

ⓘ

Tactic:Impact

ⓘ

Platforms: Android

Version: 1.1

Created: 06 April 2022

Last Modified: 24 October 2025

Version Permalink

Live Version

Procedure Examples

ID	Name	Description
S0407	Monokle	Monokle can reset the user's password/PIN.^[1]

Mitigations

ID	Mitigation	Description
M1011	User Guidance	Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.

Detection Strategy

ID	Name	Analytic ID	Analytic Description
DET0605	Detection of Account Access Removal	AN1655	Application vetting services could closely scrutinize applications that request Device Administrator permissions.

References

Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.

Movatterモバイル変換

Account Access Removal

Procedure Examples

Mitigations

Detection Strategy

References