CAPEC-504

Task Impersonation
Średni
Wysoki
Stable
2014-06-23
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Zarządzaj powiadomieniami

Opisy CAPEC

An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user's privileges.

Informacje CAPEC

Przebieg wykonania

1) Explore

[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing sensitive information.

Technika
  • Determine what tasks prompt a user for their credentials.
  • Determine what tasks may prompt a user to authorize a process to execute with elevated privileges.
2) Exploit

[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials or to ride the user's privileges.

Technika
  • Prompt a user for their credentials, while making the user believe the credential request is legitimate.
  • Prompt a user to authorize a task to run with elevated privileges, while making the user believe the request is legitimate.

Wymagania wstępne

The adversary must already have access to the target system via some means.
A legitimate task must exist that an adversary can impersonate to glean credentials.
The user's privileges allow them to execute certain tasks with elevated privileges.

Wymagane umiejętności

Once an adversary has gained access to the target system, impersonating a task is trivial.

Wymagane zasoby

Malware or some other means to initially comprise the target system.
Additional malware to impersonate a legitimate task.

Łagodzenie

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Powiązane słabości

CWE-ID Nazwa słabości

CWE-1021

 Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Odniesienia

REF-434

Phishing on Mobile Devices
Adrienne Porter Felt, David Wagner.
https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf

Zgłoszenie

Nazwa Organizacja Data Data wydania
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modyfikacje

Nazwa Organizacja Data Komentarz
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated References
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Resources_Required, Skills_Required, Typical_Severity
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
Informacje prezentowane na CVE Find pochodzą z kilku starannie wybranych źródeł referencyjnych. Dane CVE są dostarczane przez MITRE Corporation i Narodową Bazę Podatności (NVD). Katalog znanych eksploatowanych podatności (KEV) pochodzi z Agencji ds. Bezpieczeństwa Cyberprzestrzeni i Infrastruktury (CISA), natomiast wyniki EPSS pochodzą z FIRST.org. Ponadto dane dotyczące słabości oprogramowania (CWE) i typowych wzorców ataków (CAPEC) są utrzymywane przez MITRE Corporation, a informacje o konfiguracjach sprzętu i oprogramowania (CPE) są dostarczane przez NVD.