Detailedseverity: MediumDraft

CAPEC-501Android Activity Hijack

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

Related weaknesses· 1

CWE-923

Related attack patterns· 2

CAPEC-499 (ChildOf)CAPEC-173 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Restriction of Communication Channel to Intended Endpointscwe-923100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Android Intent Intercept
CAPEC
Intent Spoof
CAPEC
Tapjacking
CAPEC
WebView Injection
CAPEC
Task Impersonation
CAPEC
Action Spoofing
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.