{
	"id": "2c296913-e6db-4233-8cf9-1d2444b12a7a",
	"created_at": "2026-04-06T01:31:19.367459Z",
	"updated_at": "2026-04-10T03:21:07.891517Z",
	"deleted_at": null,
	"sha1_hash": "4647e2bd462a8e66964adb604048c928ad58c0df",
	"title": "APP-31 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48733,
	"plain_text": "APP-31 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 01:15:51 UTC\r\nMobile Threat Catalogue\r\nMasquerading as a Legitimate Application\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-31\r\nThreat Description: 3rd party apps may duplicate the appearance and interface of a legitimate app, such as a\r\nbanking app, to trick the user into supplying authentication credentials or other sensitive information intended for\r\nthe app being spoofed. This threat was facilitated on Android devices before 5.0, as a malicious app could\r\ndetermine if a target app was running in the foreground, then initiate an activity to gain focus and intercept\r\ncredential entry by the user.\r\nThreat Origin\r\nPhishing on Mobile Devices 1\r\nExploiting Androids for Fun and Profit 2\r\nThe Latest Android Overlay Malware Spreading via SMS Phishing in Europe 3\r\nPassword-Stealing Instagram App 4\r\nHackers Sneak Malware Into Apple App Store ‘To Steal iCloud Passwords’\r\n5\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nConsider the use of devices that support Android 5.0 and later, in which ActivityManager.getRunningTasks() has\r\nbeen modified to stop leaking information about the current foreground activity, increasing the difficulty of\r\nmalicious apps being able to perform a user interface spoofing attack\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nUse app-vetting tools or services to identify apps that attempt to spoof the interface to other apps or common web\r\nsites, such as banking sites.\r\nMobile Device User\r\nConsider the use of devices 
that support Android 5.0 and later, in which ActivityManager.getRunningTasks() has\r\nbeen modified to stop leaking information about the current foreground activity, increasing the difficulty of\r\nmalicious apps being able to perform a user interface spoofing attack\r\nUse Android Verify Apps feature to identify potentially harmful apps.\r\nReferences\r\n1. A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security \u0026 Privacy 2011, 26\r\nMay 2011; https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf [accessed 7/27/2022] ↩\r\n2. R. Hassell, Exploiting Androids for Fun and Profit, presented at Hack In The Box Security Conference\r\n2011, 12-13 Oct. 2011; http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1 - Riley Hassell -\r\nExploiting Androids for Fun and Profit.pdf [accessed 8/25/2016] ↩\r\n3. W. Zhou et al., “The Latest Android Overlay Malware Spreading via SMS Phishing in Europe”, blog, 28\r\nJune 2016; www.fireeye.com/blog/threat-research/2016/06/latest-android-overlay-malware-spreading-in-europe.html [accessed 8/25/2016] ↩\r\n4. J. Clover, “Password-Stealing Instagram App ‘InstaAgent’ Reappears in App Store Under New Name”,\r\nMacRumors, 22 Mar. 2016; www.macrumors.com/2016/03/22/password-stealing-instaagent-app-reappears/ [accessed 8/25/2016] ↩\r\n5. T. Fox-Brewster, “Hackers Sneak Malware Into Apple App Store ‘To Steal iCloud Passwords’”, Forbes, 18\r\nSept. 2015; www.forbes.com/sites/thomasbrewster/2015/09/18/xcodeghost-malware-wants-your-icloud/\r\n[accessed 8/25/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html"
	],
	"report_names": [
		"APP-31.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775439079,
	"ts_updated_at": 1775791267,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4647e2bd462a8e66964adb604048c928ad58c0df.pdf",
		"text": "https://archive.orkl.eu/4647e2bd462a8e66964adb604048c928ad58c0df.txt",
		"img": "https://archive.orkl.eu/4647e2bd462a8e66964adb604048c928ad58c0df.jpg"
	}
}