
CAPEC-657: Malicious Automated Software Update via Spoofing

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

An attacker uses identity or content spoofing to trick a client into performing an automated software update from a malicious source. A malicious automated software update that leverages spoofing can include content or identity spoofing as well as protocol spoofing. Content or identity spoofing attacks can trigger updates in software by embedding scripted mechanisms within a malicious web page that masquerades as a legitimate update source. The scripting mechanisms communicate with software components and trigger updates from locations specified by the attacker's server. As a result, the client believes a legitimate software update is available but instead downloads a malicious update from the attacker.

Related weaknesses · 1

CWE-494

MITRE ATT&CK crosswalk · 1

T1072: Software Deployment Tools

Related attack patterns · 1

CAPEC-186 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Download of Code Without Integrity Check (cwe-494) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Software Deployment Tools (t1072) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Malicious Automated Software Update via Redirection
CAPEC: Malicious Software Update
CAPEC: Malicious Manual Software Update
CAPEC: Content Spoofing
CAPEC: Malicious Hardware Update
CAPEC: Malicious Software Download

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.