What is the attack performed on Don in the above scenario?
Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app.
What is the attack performed on Don in the above scenario?
A . SMS phishing attack
B . SIM card attack
C . Agent Smith attack
D . Clickjacking
Answer: D
Explanation:
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. this will cause users to unwittingly download malware, visit malicious sites, provide credentials or sensitive information, transfer money, or purchase products online.Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they’re clicking the visible page but actually they’re clicking an invisible element
within the additional page transposed on top of it. The invisible page might be a malicious page, or a legitimate page the user didn’t shall visit C for instance, a page on the user’s banking site that authorizes the transfer of cash .There are several variations of the clickjacking attack, such as:
• Likejacking C a way during which the Facebook “Like” button is manipulated, causing users to “like” a page they really didn’t shall like.
• Cursorjacking C a UI redressing technique that changes the cursor for the position the user perceives to a different position. Cursorjacking relies on vulnerabilities in Flash and therefore the Firefox browser, which have now been fixed.
Clickjacking attack example
Latest 312-50v11 Dumps Valid Version with 432 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Answer is C:
Source:
https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/
Agent Smith attacks are carried out by luring victims into downloading and installing malicious
apps designed and published by attackers in the form of games, photo editors, or other attractive tools from third-party app stores such as 9Apps. Once the user has installed the app, the core malicious code inside the application infects or replaces the legitimate apps in the victim’s mobile device C&C commands. The deceptive application replaces legitimate apps such as WhatsApp, SHAREit, and MX Player with similar infected versions. The application sometimes also appears to be an authentic Google product such as Google Updater or Themes. The attacker then produces a massive volume of irrelevant and fraudulent advertisements on the victim’s device through the infected app for financial gain. Attackers exploit these apps to steal critical information such as personal information, credentials, and bank details, from the victim’s mobile device through C&C commands
Answer is C