Home > CAPEC List > CAPEC-504: Task Impersonation (Version 2.9)  

CAPEC-504: Task Impersonation

Task Impersonation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 504
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary, through a previously installed malicious application, monitors the task list maintained by the operating system and waits for a specific legitimate task to become active. Once the task is detected, the malicious application launches a new task in the foreground that mimics the user interface of the legitimate task. At this point, the user thinks that they are interacting with the legitimate task that they started, but instead they are interacting with the malicious application. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user. Once the adversary's goal is reached, the malicious application can exit, leaving the original trusted application visible and the appearance that nothing out of the ordinary has occurred.

+ Solutions and Mitigations

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

+ References
[REF-54] Adrienne Porter Felt and David Wagner. "Phishing on Mobile Devices". 4.1.2 Man-In-The-Middle. University of California, Berkeley. 2011. <http://www.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015