Home > CAPEC List > CAPEC-504: Task Impersonation (Version 3.2)  

CAPEC-504: Task Impersonation

Attack Pattern ID: 504
Abstraction: Detailed
Status: Draft
Presentation Filter:
+ Description
An adversary, through a previously installed malicious application, monitors the task list maintained by the operating system and waits for a specific legitimate task to become active. Once the task is detected, the malicious application launches a new task in the foreground that mimics the user interface of the legitimate task. At this point, the user thinks that they are interacting with the legitimate task that they started, but instead they are interacting with the malicious application. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user. Once the adversary's goal is reached, the malicious application can exit, leaving the original trusted application visible and the appearance that nothing out of the ordinary has occurred.
+ Relationships

The table below shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.

ChildOfMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.173Action Spoofing

The table below shows the views that this attack pattern belongs to and top level categories within that view.

+ Mitigations
The only known mitigation to this attack is to avoid installing the malicious application on the device. However, the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.
+ References
[REF-434] Adrienne Porter Felt and David Wagner. "Phishing on Mobile Devices". 4.1.2 Man-In-The-Middle. University of California, Berkeley. 2011. <https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf>.
+ Content History
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated References
2019-04-04CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses
2019-09-30CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
More information is available — Please select a different filter.
Page Last Updated or Reviewed: September 30, 2019