What is Credential Theft?

Credential theft is a family of attacks in which a bad actor gains access to the victim's credentials and successfully reuses them to gain further access to the victim's digital assets. Usually, credentials include the victim's user name or another identifier and the victim's password, optionally complemented by multi-factor authentication data, such as biometric data or single-use codes.

There are multiple ways to gain access to the victim’s credential data, including (but not limited to):

Reusing the stolen information involves the attacker repeating the entry of the stolen credentials either automatically or manually using the original untampered application.

Automated credential entry can happen either on the victim’s device (e.g. using malware) or on an attacker’s device using custom-built apps.

---
title: Credential theft overview
---
flowchart TD
    impersonation_attack
    theft_phase
    tampering_protection
    malware_protection
    tls_pinning
    device_binding
    malware
    mitm
    social_engineering

    impersonation_attack[Impersonation and account takeover]
    theft_phase[Theft]
    reuse_phase[Reuse]
    creds[Credential sniffing]

    impersonation_attack --> creds
    creds --> theft_phase
    creds --> reuse_phase

    malware[Malware]
    mitm[Man-in-the-middle attack]
    social_engineering[Social engineering]
    stuffing[Manual credential reuse]
    bots[Bots]

    tampering_protection([Tampering protection])
    malware_protection([Malware protection])
    tls_pinning([TLS pinning])
    passkeys([Use of passkeys])
    mfa([Multi-factor authentication])
    device_binding([Device binding])
    education([Educating users])
    app_attestation([Application attestation])

    theft_phase --> malware
    theft_phase --> mitm
    theft_phase --> social_engineering

    reuse_phase --> stuffing
    reuse_phase --> bots
    reuse_phase --> malware

    malware --> malware_protection
    malware --> tampering_protection
    malware --> passkeys
    stuffing --> passkeys
    mitm --> passkeys
    malware --> mfa
    stuffing --> mfa
    mitm --> mfa
    mfa --> device_binding
    bots --> app_attestation
    mitm --> tls_pinning
    social_engineering --> device_binding
    social_engineering --> education

    style device_binding fill:lightgreen

    click malware_protection href "https://www.guardsquare.com/mobile-app-security-research-center/malware/overview" "How to implement malware protection"
    click tls_pinning href "https://www.guardsquare.com/video/ssl-pinning-explained" "SSL pinning explained"
    click re_protection href "https://www.guardsquare.com/" "Reverse engineering and tampering protection"
    click tampering_protection href "https://www.guardsquare.com/" "Reverse engineering and tampering protection"
    click app_attestation href "https://www.guardsquare.com/introducing-mobile-app-attestation" "Learn more about App Attestation"

Guardsquare
