Distribute malicious software development tools
|Distribute malicious software development tools|
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: The adversary would need to either replace the tools provided at the official download location or influence developers to download the tools from an adversary-controlled third-party download location. Desktop operating systems (e.g., Windows, macOS) are increasingly encouraging use of vendor-provided official app stores to distribute software, which utilize code signing and increase the difficulty of replacing development tools with malicious versions.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Developers could check a hash or signature of their development tools to ensure that they match expected values (e.g., Apple provides instructions of how to do so for its Xcode developer tool), but developers may not always do so.