Tabnabbing on Smartphones




Here is the same attack technique used on a smartphone. The first picture shows the same web application I made but ported onto a smartphone using PhoneGap. The second picture shows how it looks exactly like web application and does what its intended purpose is. The third picture shows the application minimized. This is where the attack executes. It learns that the user is not interacting with it so it will morph itself to look exactly like the Facebook app. The fourth picture shows how the app changed itself. It has gone even far as to change its name and logo to Facebook. When I go back into the app, the fifth picture depicts how similar the interface is to the real app. The sixth picture shows how I can put any message into the app to get the user to enter their information.