Common Information
Type | Value |
---|---|
Value | Application Versioning - T1661 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | An adversary may push an update to a previously benign application to add malicious code. This can be accomplished by pushing an initially benign, functional application to a trusted application store, such as the Google Play Store or the Apple App Store. This allows the adversary to establish a trusted userbase that may grant permissions to the application prior to the introduction of malicious code. Then, an application update could be pushed to introduce malicious code.(Citation: android_app_breaking_bad) This technique could also be accomplished by compromising a developer’s account. This would allow an adversary to take advantage of an existing userbase without having to establish the userbase themselves. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-18 | 12 | The Mobile Malware Chronicles: Necro.N – Volume 101 | ||
Details | Website | 2024-10-18 | 12 | The Mobile Malware Chronicles: Necro.N - Volume 101 - Zimperium | ||
Details | Website | 2024-05-27 | 28 | Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store | ||
Details | Website | 2021-11-14 | 17 | What does APT Activity Look Like on MacOS? |