Screen recording attacks

    A feature commonly integrated into malware is the screen capture capability, which is used to steal sensitive data. The screen content can usually be streamed to the command-and-control server by the administrator commands from the admin panel.

    Defense techniques overview

    --- title: Spying on users' data with overlays --- graph TD all[All malware attacks] --> steal_screen click all href "/mobile-app-security-research-center/malware/overview" "Malware overview" steal_screen[Spy on users' screen] steal_screen --> screen_rec[Screen recording] screen_rec --> screen_rec_api31{API Level < 31?} screen_rec --> flag_secure([FLAG_SECURE ⭐]) screen_rec_api31 -- Yes --> secure_keyboard([Secure in-app keyboard]) style flag_secure fill:lightgreen style secure_keyboard fill:lightgreen click flag_secure href "/mobile-app-security-research-center/malware/secure-flag" "Secure flag" click secure_keyboard href "/mobile-app-security-research-center/malware/secure-in-app-keyboard" "Secure in-app keyboard"



    Table of contents