Distribute malicious software development tools


ID: PRE-T1171
Tactic: Stage Capabilities


An adversary could distribute malicious software development tools (e.g., a compiler) that hide malicious behavior in software built using the tools.[1][2]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: The adversary would need to either replace the tools provided at the official download location or influence developers to download the tools from an adversary-controlled third-party download location. Desktop operating systems (e.g., Windows, macOS) are increasingly encouraging use of vendor-provided official app stores to distribute software, which utilize code signing and increase the difficulty of replacing development tools with malicious versions.


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Developers could check a hash or signature of their development tools to ensure that they match expected values (e.g., Apple provides instructions on how to do so for its Xcode developer tool), but developers may not always do so.
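
The hash check described above can be run as a gate before every build instead of being left to each developer. The following is an added example, not part of the original page: it compares each tool in a directory against a pinned SHA-256 manifest and fails closed on a mismatched, missing, or unpinned file. The tool names (`cc`, `ld`), the manifest layout, and the file contents are constructed for illustration; real digests would come from the vendor over a separate trusted channel.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large toolchain archives need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_toolchain(pinned, tool_dir):
    """Map each file name to 'ok', 'mismatch', 'missing' or 'unpinned'.

    pinned: {file name: expected SHA-256 hex}, obtained out of band (assumed).
    """
    results = {}
    for name, expected in pinned.items():
        path = os.path.join(tool_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        match = hmac.compare_digest(sha256_file(path), expected.lower())
        results[name] = "ok" if match else "mismatch"
    # A file nobody pinned is as suspicious as one that changed.
    for name in sorted(os.listdir(tool_dir)):
        results.setdefault(name, "unpinned")
    return results

def toolchain_trusted(results):
    """Fail closed: an empty result set or any non-'ok' status blocks the build."""
    return bool(results) and all(s == "ok" for s in results.values())

def demo():
    """Build a constructed two-file toolchain, then alter one file after pinning."""
    files = {"cc": b"constructed compiler bytes", "ld": b"constructed linker bytes"}
    with tempfile.TemporaryDirectory() as tool_dir:
        for name, data in files.items():
            with open(os.path.join(tool_dir, name), "wb") as fh:
                fh.write(data)
        pinned = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
        before = verify_toolchain(pinned, tool_dir)
        with open(os.path.join(tool_dir, "cc"), "ab") as fh:
            fh.write(b"\x00")  # simulate a replaced or modified tool
        return before, verify_toolchain(pinned, tool_dir)

if __name__ == "__main__":
    for label, res in zip(("before", "after"), demo()):
        print(label, res, "trusted" if toolchain_trusted(res) else "BLOCK BUILD")
```

A hash manifest only helps if it is stored and delivered separately from the tools it describes; a manifest served from the same download location can be replaced along with the tools.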