Choose pre-compromised mobile app developer account credentials or signing keys

The adversary can use account credentials or signing keys of an existing mobile app developer to publish malicious updates of existing mobile apps to an application store, or to abuse the developer's identity and reputation to publish new malicious apps. Many mobile devices are configured to automatically install new versions of already-installed apps. [1]

ID: T1391
Tactic: Persona Development
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: It is possible to detect compromised credentials if alerting from a service provider is enabled and the individual acts on the alerts.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: The difficulty of obtaining useful developer credentials may vary. Well-organized, professional app developers, whose credentials or signing keys would be the most useful to an adversary because of the large install bases of their apps, would likely protect their credentials and signing keys strongly. Less-organized app developers may not protect their credentials and signing keys as strongly, but the credentials and signing keys would also be less useful to an adversary. These less-organized app developers may reuse passwords across sites, fail to turn on multi-factor authentication features when available, or store signing keys in unprotected locations.
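
An added example (not part of the original ATT&CK entry): a defender-side audit for the last weakness named above, signing keys stored in unprotected locations. It walks a directory tree and flags key stores or PEM private keys that are readable by group/other or sit inside a git working tree; the function names, the extension list and the two exposure checks are assumptions chosen for illustration.

```python
import os
import stat

JKS_MAGIC = bytes.fromhex("feedfeed")  # Java KeyStore (JKS) file header
KEYSTORE_EXTENSIONS = {".jks", ".keystore", ".p12", ".pfx"}  # assumed list


def classify(path):
    """Return a label if the file looks like signing-key material, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError:
        return None
    if head.startswith(JKS_MAGIC):
        return "JKS keystore"
    if head.startswith(b"-----BEGIN") and b"PRIVATE KEY-----" in head:
        return "PEM private key"
    ext = os.path.splitext(path)[1].lower()
    return "keystore (by extension)" if ext in KEYSTORE_EXTENSIONS else None


def in_git_worktree(dirpath, root):
    d, root = os.path.abspath(dirpath), os.path.abspath(root)
    while not os.path.isdir(os.path.join(d, ".git")):  # climb until .git or root
        if d == root or os.path.dirname(d) == d:
            return False
        d = os.path.dirname(d)
    return True


def audit_signing_keys(root):
    """Walk root and list key material exposed by file mode or location."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            path = os.path.join(dirpath, name)
            kind = classify(path)
            if kind is None:
                continue
            issues = []
            if os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
                issues.append("readable by group/other")
            if in_git_worktree(dirpath, root):
                issues.append("inside a git working tree")
            if issues:
                findings.append({"path": path, "kind": kind, "issues": issues})
    return findings
```

A key store that is mode 0600 and outside any repository is not reported; the git check only looks for a .git directory between the file and the audited root.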

References

  1. Galen Gruman. (2014, December 5). Keep out hijackers: Secure your app store dev account. Retrieved April 12, 2017.