| ID | Name |
|---|---|
| T1474.001 | Compromise Software Dependencies and Development Tools |
| T1474.002 | Compromise Hardware Supply Chain |
| T1474.003 | Compromise Software Supply Chain |
Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Applications often depend on external software to function properly. Popular open source projects that are used as dependencies in many applications may be targeted as a means to add malicious code to users of the dependency.[1]
| ID | Name | Description |
|---|---|---|
| S0297 | XcodeGhost |
XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool).[2][3] |
| ID | Mitigation | Description |
|---|---|---|
| M1013 | Application Developer Guidance |
Application developers should be cautious when selecting third-party libraries to integrate into their application. |
| ID | Data Source | Data Component | Detects |
|---|---|---|---|
| DS0041 | Application Vetting | API Calls |
Usage of insecure or malicious third-party libraries could be detected by application vetting services. Malicious software development tools could be detected by enterprises that deploy endpoint protection software on computers that are used to develop mobile apps. Application vetting could detect the usage of insecure or malicious third-party libraries. |