Monday 06 July 2026 12:35:20 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Mobile GUI input capture

A credential theft method that tricks users into entering secrets into a fake screen.

Mobile GUI input capture is a credential theft technique in which malware or a malicious app tricks a user into typing secrets into a fake on-screen interface. Instead of breaking encryption or stealing data from memory, the attacker copies the look and feel of a legitimate login, PIN, or wallet screen and places it in front of the real app.

This matters because mobile users often trust what they see and tap quickly. A convincing overlay, phishing page, or counterfeit dialog can capture passwords, PINs, one-time codes, and wallet recovery data with no obvious sign of compromise. In real attacks, this is often paired with permissions that let an app draw over other apps or misuse accessibility features. Defenders reduce risk by avoiding sideloaded apps, reviewing overlay-related permissions, using trusted app stores, and blocking overlays on sensitive screens when possible.

← WIKICROOK index