CAPEC-654
Credential Prompt Impersonation
Description
An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials.
Prerequisites
The adversary must already have access to the target system via some means.
A legitimate task must exist that an adversary can impersonate to glean credentials.
Mitigations
The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.
Skills Required
[Low] Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.