Choose pre-compromised mobile app developer account credentials or signing keys



Technique
ID: PRE-T1168
Tactic: Persona Development

Definition

The adversary can use account credentials or signing keys of an existing mobile app developer to publish malicious updates of existing mobile apps to an application store, or to abuse the developer's identity and reputation to publish new malicious apps. Many mobile devices are configured to automatically install new versions of already-installed apps.[1]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: The difficulty of obtaining useful developer credentials may vary. Well-organized, professional app developers, whose credentials or signing keys would be the most useful to an adversary because of the large install bases of their apps, would likely strongly protect their credentials and signing keys. Less-organized app developers may not protect their credentials and signing keys as strongly, but the credentials and signing keys would also be less useful to an adversary. These less-organized app developers may reuse passwords across sites, fail to turn on multi-factor authentication features when available, or store signing keys in unprotected locations.
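
For developers checking their own exposure to the last weakness named above, the following added example (not part of the original page) audits a project directory for signing-key material kept in unprotected locations. It assumes Android-style JKS/JCEKS keystores, PEM private keys and Gradle `storePassword`/`keyPassword` literals; the function names `classify` and `audit` are illustrative.

```python
import os
import re
import stat

# Added example: function names and the set of checks are illustrative assumptions.
# Leading magic bytes of the Java keystore formats used for Android app signing.
KEYSTORE_MAGIC = {b"\xfe\xed\xfe\xed": "JKS keystore", b"\xce\xce\xce\xce": "JCEKS keystore"}
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
# storePassword / keyPassword written as a string literal in a Gradle build file.
GRADLE_SECRET = re.compile(
    rb"\b(?:storePassword|keyPassword)(?:\s*=\s*|\s+)[\"'][^\"'\n]+[\"']")


def classify(path):
    """Return a label if the file holds signing-key material, else None."""
    with open(path, "rb") as fh:
        data = fh.read(65536)
    if data[:4] in KEYSTORE_MAGIC:
        return KEYSTORE_MAGIC[data[:4]]
    if PEM_KEY.search(data):
        return "PEM private key"
    if os.path.basename(path).startswith("build.gradle") and GRADLE_SECRET.search(data):
        return "hard-coded signing password"
    return None


def audit(root):
    """Return sorted (relative path, label, issues) for key material under root."""
    in_checkout = os.path.isdir(os.path.join(root, ".git"))
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                label = classify(path)
            except OSError:  # unreadable file: nothing to report
                continue
            if label is None:
                continue
            issues = []
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                issues.append("accessible by group or other")
            if in_checkout:
                issues.append("inside a version-control working tree")
            findings.append((os.path.relpath(path, root), label, tuple(issues)))
    return sorted(findings)
```

A finding with an empty issue list still marks a location that holds key material and is worth reviewing.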

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: It is possible to detect compromised credentials if alerting from a service provider is enabled and the individual acts upon the alerts.