Skip to content

T1474.003 Compromise Software Supply Chain

Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.

Item Value
ID T1474.003
Sub-techniques T1474.001, T1474.002, T1474.003
Tactics TA0027
Platforms Android, iOS
Version 1.1
Created 28 March 2022
Last Modified 20 March 2023

Procedure Examples

ID Name Description
S0309 Adups Adups was pre-installed on Android devices from some vendors.76
S0319 Allwinner A Linux kernel distributed by Allwinner reportedly contained an simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.1
S0555 CHEMISTGAMES CHEMISTGAMES has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.5
S0328 Stealth Mango In at least one case, Stealth Mango may have been installed using physical access to the device by a repair shop.2
S0424 Triada Triada was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.43

Mitigations

ID Mitigation Description
M1001 Security Updates Security updates may contain patches that inhibit system software compromises.
M1004 System Partition Integrity Ensure Verified Boot is enabled on devices with that capability.

Detection

ID Data Source Data Component
DS0041 Application Vetting API Calls
DS0013 Sensor Health Host Status

References

  1. Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018. 

  2. Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018. 

  3. Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019. 

  4. Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019. 

  5. B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020. 

  6. Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. Retrieved February 6, 2017. 

  7. Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.