As described by ATT&CK for Enterprise, a drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is targeted for exploitation. For example, a website may contain malicious media content intended to exploit vulnerabilities in media parsers, as demonstrated by the Android Stagefright vulnerability.
(This technique was formerly known as Malicious Web Content. It has been renamed to better align with ATT&CK for Enterprise.)
|Use Recent OS Version|
|Pegasus for iOS|
Stealth Mango is delivered via a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.