CAPEC-654 Metadata
Likelihood of Attack
Medium
Typical Severity
High
Overview
Summary
An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials.
Prerequisites
The adversary must already have access to the target system via some means. A legitimate task must exist that an adversary can impersonate to glean credentials.
Execution Flow
Step | Phase | Description | Techniques |
---|---|---|---|
1 | Explore | [Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing their credentials. | |
2 | Exploit | [Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials. | |
Potential Solutions / Mitigations
The only known mitigation for this attack is to avoid installing the malicious application on the device. However, to impersonate a running task, the malicious application needs the GET_TASKS permission in order to query the task list, so being suspicious of applications that request that permission can help.
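An added example (not part of the CAPEC entry) of the permission check described above: it scans AndroidManifest.xml text and lists the packages that request GET_TASKS. The sample manifests and package names are constructed, and it assumes each manifest has already been decoded from the APK's binary XML into plain XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
GET_TASKS = "android.permission.GET_TASKS"
# Both elements can declare a permission request in a manifest.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")


def requested_permissions(manifest_xml):
    """Return (package name, set of permission names) for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in PERMISSION_TAGS:
        for node in root.findall(tag):
            name = node.get(f"{{{ANDROID_NS}}}name")
            if name:
                names.add(name.strip())
    return root.get("package"), names


def flag_get_tasks(manifests):
    """Return the sorted package names whose manifest requests GET_TASKS."""
    flagged = []
    for manifest_xml in manifests:
        package, names = requested_permissions(manifest_xml)
        if GET_TASKS in names:
            flagged.append(package)
    return sorted(flagged)


def _sample(package, tag_and_permission_pairs):
    """Build a constructed manifest string for the demo below."""
    body = "".join(f'<{tag} android:name="{perm}"/>' for tag, perm in tag_and_permission_pairs)
    return f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">{body}<application/></manifest>'


# Constructed sample data: hypothetical packages, not real applications.
SAMPLE_MANIFESTS = [
    _sample("com.example.notes", [("uses-permission", GET_TASKS)]),
    _sample("com.example.weather", [("uses-permission", "android.permission.INTERNET")]),
    _sample("com.example.flashlight", [
        ("uses-permission", "android.permission.CAMERA"),
        ("uses-permission-sdk-23", GET_TASKS),
    ]),
]

if __name__ == "__main__":
    for package in flag_get_tasks(SAMPLE_MANIFESTS):
        print(f"review before install: {package} requests {GET_TASKS}")
```

A flagged package is a prompt for review before installation, in line with the mitigation text; the permission alone does not show that an application is malicious.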
Related Weaknesses (CWE)
CWE ID | Description |
---|---|
CWE-1021 | Improper Restriction of Rendered UI Layers or Frames |
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-504 | An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user's privileges. |
Taxonomy Mappings
Taxonomy: ATTACK