CAPEC-504

Standard Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Medium Severity: High
Task Impersonation

Description

An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user's privileges.

Prerequisites

The adversary must already have access to the target system via some means.

A legitimate task must exist that an adversary can impersonate to glean credentials.

The user's privileges allow them to execute certain tasks with elevated privileges.

Mitigations

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Skills Required

[Low] Once an adversary has gained access to the target system, impersonating a task is trivial.