Distribute malicious software development tools

Distribute malicious software development tools
Technique
ID: PRE-T1171
Tactic: Stage Capabilities

Definition

An adversary could distribute malicious software development tools (e.g., compiler) that hide malicious behavior in software built using the tools.[1][2]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: The adversary would need to either replace the tools provided at the official download location or influence developers to download the tools from an adversary-controlled third-party download location. Desktop operating systems (e.g., Windows, macOS) are increasingly encouraging use of vendor-provided official app stores to distribute software, which utilize code signing and increase the difficulty of replacing development tools with malicious versions.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Developers could check a hash or signature of their development tools to ensure that they match expected values (e.g., Apple provides instructions on how to do so for its Xcode developer tool), but developers may not always do so.
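
The hash check described above, as an added example (not part of the original page or of any vendor's tooling): it compares every file in an installed toolchain directory against a pinned manifest in `sha256sum` format and reports changed, missing and unlisted files. The function names and the manifest layout are assumptions, and the manifest must come from a channel independent of the download location, since a replaced download site can serve a matching hash alongside a replaced tool.

```python
import hashlib
import re
from pathlib import Path

# sha256sum output format: 64 hex chars, a space, ' ' or '*', then the path.
LINE = re.compile(r"([0-9a-fA-F]{64}) [ *](.+)")


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large toolchain binaries are not read in one piece."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Return {relative path: digest}; malformed lines raise instead of being skipped."""
    pinned = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE.fullmatch(line.rstrip())
        if m is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        pinned[m.group(2)] = m.group(1).lower()
    return pinned


def verify_toolchain(root, pinned):
    """Report files that differ from, are absent from, or are not in the manifest."""
    report = {"mismatch": [], "missing": [], "unlisted": []}
    for name, expected in sorted(pinned.items()):
        target = root / name
        if not target.is_file():
            report["missing"].append(name)
        elif sha256_file(target) != expected:
            report["mismatch"].append(name)
    # A file the manifest never listed (e.g. an extra binary on the tool's
    # search path) is as suspicious as a modified one, so it is reported too.
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unlisted"] = sorted(on_disk - set(pinned))
    return report


def is_trusted(report):
    """Fail closed: any mismatch, missing or unlisted file rejects the toolchain."""
    return not any(report.values())
```

Call `verify_toolchain(Path(install_dir), parse_manifest(manifest_text))` in the build bootstrap and stop the build when `is_trusted` returns `False`.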