CAPEC-654

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Medium Severity: High
Credential Prompt Impersonation

Description

An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials.

Prerequisites

The adversary must already have access to the target system via some means.

A legitimate task must exist that an adversary can impersonate to glean credentials.

Mitigations

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Skills Required

[Low] Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.