CAPEC-698: Install Malicious Extension
CAPEC Version: 3.9
Last Updated: 2023-01-24
Description
Execution Flow
Step 1: Explore
[Identify target(s)] The adversary must first identify target software that allows for extensions/plugins and which they wish to exploit, such as a web browser or desktop application. To maximize the number of potential victims, this will often be popular software with a large user base.
Step 2: Experiment
[Create malicious extension] Having identified a suitable target, the adversary crafts a malicious extension/plugin that can be installed by the underlying target software. This malware may be written to execute only on specific operating systems or be operating system agnostic.
Step 3: Exploit
[Install malicious extension] The malicious extension/plugin is installed by the underlying target software and executes the adversary-created malware, resulting in a variety of negative technical impacts. Installation happens in one of two ways:
- Adversary-Installed: Having already compromised the target system, the adversary simply installs the malicious extension/plugin themselves.
- User-Installed: The adversary tricks the user into installing the malicious extension/plugin, for example via social engineering, or uploads the malware to a reputable extension/plugin hosting site and waits for unsuspecting victims to install the malicious component.
Prerequisites
- The adversary must craft malware based on the type of software and system(s) they intend to exploit.
- If the adversary intends to install the malicious extension themselves, they must first compromise the target machine via some other means.
Skills Required
Consequences
| Scope | Technical Impact |
|---|---|
| Confidentiality, Access Control | Read Data |
| Integrity, Access Control | Modify Data |
| Authorization, Access Control | Execute Unauthorized Commands |
Mitigations
- Only install extensions/plugins from official/verifiable sources.
- Confirm extensions/plugins are legitimate and not malware masquerading as a legitimate extension/plugin. Because the User-Installed path above includes malware published on reputable hosting sites, the source alone is not proof of legitimacy.
- Ensure the underlying software leveraging the extension/plugin (including operating systems) is up to date.
- Implement an extension/plugin allow list, based on the given security policy.
- If applicable, confirm extensions/plugins are properly signed by the official developers.
- For web browsers, close sessions when finished to prevent malicious extensions/plugins from executing in the background.
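The allow-list and signature mitigations above can be checked mechanically for Chromium-based browsers, whose extension IDs are derived from the extension's public key (the first 16 bytes of SHA-256 over the DER-encoded key, written as 32 hex digits with each digit mapped to the letters a-p). An extension that claims an allow-listed ID but carries a different key, or that has no key at all (an unpacked install whose ID comes from its path), fails the check even though its name looks legitimate. The following audit is an added example, not part of the CAPEC entry: the inventory records and the allow list are constructed for illustration, and the `from_webstore` field is an assumed name standing in for whatever provenance attribute your inventory source exposes.

```python
import base64
import hashlib

# Chrome's ID derivation: hex digits 0-9a-f of the truncated SHA-256 are
# shifted into the letters a-p so the ID never collides with a hex string.
_HEX_TO_ALPHA = str.maketrans("0123456789abcdef", "abcdefghijklmnop")


def extension_id_from_key(key_b64: str) -> str:
    """Return the Chrome-style extension ID for a base64-encoded public key."""
    key_der = base64.b64decode(key_b64)
    digest_hex = hashlib.sha256(key_der).hexdigest()[:32]   # first 128 bits
    return digest_hex.translate(_HEX_TO_ALPHA)


# Constructed allow list: IDs of the two extensions the policy permits.
# The keys below are placeholders (base64 of "abc" and of an empty string),
# not real public keys; only the derivation algorithm is real.
ALLOWLIST = {
    extension_id_from_key("YWJj"),   # "Corp Password Helper"
    extension_id_from_key(""),       # "Ticketing Sidebar"
}

# Constructed inventory, as if read from a browser profile: the ID the
# browser reports, the manifest "key", and an assumed provenance flag.
SAMPLE_INVENTORY = [
    {"id": extension_id_from_key("YWJj"), "name": "Corp Password Helper",
     "key": "YWJj", "from_webstore": True},
    {"id": extension_id_from_key(""), "name": "Ticketing Sidebar",
     "key": "", "from_webstore": False},
    # Masquerade: copies the allow-listed ID but ships its own key ("evil").
    {"id": extension_id_from_key("YWJj"), "name": "Corp Passw0rd Helper",
     "key": "ZXZpbA==", "from_webstore": False},
    # Unpacked build: no key, so the ID is path-derived and unverifiable.
    {"id": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "name": "Local Dev Build",
     "from_webstore": False},
]


def audit_extension(ext: dict, allowlist: set) -> list:
    """Return finding codes for one installed extension (empty list = clean)."""
    findings = []
    key = ext.get("key")
    if key is None:
        findings.append("no_key")            # cannot tie the ID to any signer
        derived = None
    else:
        derived = extension_id_from_key(key)
        if derived != ext["id"]:
            findings.append("id_key_mismatch")   # claimed ID not backed by key
    # Allow-list decision uses the key-derived ID, never the claimed one.
    if derived not in allowlist:
        findings.append("not_allowlisted")
    if not ext.get("from_webstore", False):
        findings.append("sideloaded")        # assumed provenance flag
    return findings


def audit_all(installed: list, allowlist: set) -> list:
    """Return only the flagged extensions with their findings."""
    report = []
    for ext in installed:
        findings = audit_extension(ext, allowlist)
        if findings:
            report.append({"id": ext["id"], "name": ext["name"],
                           "findings": findings})
    return report


if __name__ == "__main__":
    for entry in audit_all(SAMPLE_INVENTORY, ALLOWLIST):
        print(f'{entry["id"]}  {entry["name"]}: {", ".join(entry["findings"])}')
```

The decisive detail is that the allow-list lookup is made on the ID recomputed from the manifest key rather than on the ID the extension claims; an imposter that reuses a trusted ID therefore fails both the mismatch check and the allow-list check, while a legitimate extension that was sideloaded rather than store-installed is reported but not confused with malware.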
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1176 | Browser Extensions |
| ATTACK | 1505.004 | Server Software Component: IIS Components |