
CAPEC-533: Malicious Manual Software Update

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: High

Description

An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted, attacks range from requiring the user to download and run an executable to something as streamlined as tricking the user into clicking a URL. Attacks that aim to penetrate a specific network infrastructure often rely on secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as a secondary attack vector. Thus the attacker has in their arsenal a choice of initial attack vectors, ranging from traditional SMTP/POP/IMAP spamming and its varieties to web-application mechanisms that commonly implement both chat and rich HTML messaging within the user interface.

Related weaknesses· 1

CWE-494

Related attack patterns· 1

CAPEC-186 (ChildOf)

Exploits· 1

Type | Target | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Malicious Software Update
CAPEC: Malicious Automated Software Update via Redirection
CAPEC: Malicious Automated Software Update via Spoofing
CAPEC: Malicious Software Download
CAPEC: Malicious Hardware Update
CAPEC: Malicious Software Implanted
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.