CAPEC-698: Install Malicious Extension

Description
An adversary directly installs or tricks a user into installing a malicious extension into existing trusted software, with the goal of achieving a variety of negative technical impacts.
Extended Description

Many software applications allow users to install third-party software extensions/plugins that provide additional features and functionality. Adversaries can take advantage of this behavior to install malware on a system with relative ease. This may require the adversary compromising a system and then installing the malicious extension themself. An alternate approach entails masquerading the malicious extension as a legitimate extension. The adversary then convinces users to install the malicious component, via means such as social engineering, or simply waits for victims to unknowingly install the malware on their systems. Once the malicious extension has been installed, the adversary can achieve a variety of negative technical impacts such as obtaining sensitive information, executing unauthorized commands, observing/modifying network traffic, and more.

Severity: High

Possibility: Medium

Type: Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Prerequisites

  • The adversary must craft malware based on the type of software and system(s) they intend to exploit.
  • If the adversary intends to install the malicious extension themself, they must first compromise the target machine via some other means.
Skills required

  • Medium: Ability to create malicious extensions that can exploit specific software applications and systems.
  • Medium: (Optional) Ability to exploit target system(s) via other means in order to gain entry.
Taxonomy mappings
Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.