
T0170 - Malicious compiler or interpreter

The malicious compiler or interpreter attack is a defense evasion technique where an attacker modifies the software development tools to insert malicious code into the final product. This allows attackers to bypass security controls and gain access to systems or data. The attack involves replacing a legitimate compiler or interpreter with a malicious version that can execute malicious instructions or hide the attacker's activities. This technique is often used to insert backdoors into software and bypass security controls designed to prevent the execution of malicious code.
ID: T0170
Type: Technique
Tactic: Defense Evasion
Summary: Malicious compiler or interpreter
State: Draft

Mitigations

M1500 - Verify third-party artifacts and open-source libraries
Type: Mitigation
Description: Verify that third-party artifacts used in code are trusted and have not been infected by a malicious actor before use. This can be accomplished, for example, by comparing the checksum of the dependency to its checksum in a trusted source. If a difference arises, this may be a sign that someone interfered and added malicious code. If this dependency is used, it will infect the environment and could end in a massive breach, leaving the organization exposed to data leaks and more.

M1502 - Define trusted package managers and repositories
Type: Mitigation
Description: When pulling a package by name, the package manager might look for it in several package registries, some of which may be untrusted or badly configured. If the package is pulled from such a registry, there is a higher likelihood that it could prove malicious. To avoid this, configure packages to be pulled from trusted package registries.

M1590 - Implement artifact signing and verification
Type: Mitigation
Description: Implementing artifact signing and verification can help prevent malicious actors from injecting or modifying software components with malicious code in the software supply chain. Only components that are signed and verified are allowed to proceed to the next stage of the CI/CD process, ensuring that only trusted components are used in the development and delivery of software applications.

M1730 - Implement code reviews
Type: Mitigation
Description: Code reviews are a valuable tool for improving code quality, reducing technical debt, and ensuring the security and reliability of software applications. The most crucial changes should be reviewed and validated to ensure there are no security risks. Code reviews can identify defects and vulnerabilities in the code before it's deployed, reducing the likelihood of security breaches, system failures, and other issues. Require code reviews for any changes to source code or configuration files, especially for those affecting the CI/CD pipeline.

M1731 - Implement verification of signed commits
Type: Mitigation
Description: Signing commits, or requiring commits to be signed, gives other users confidence about the origin of a specific code change. It ensures that the author of the change is not hidden and is verified by the version control system, thus the change comes from a trusted source. For each repository in use, enforce the branch protection rule of requiring signed commits, and make sure only signed commits can be merged.

M1732 - Implement code scanning for security risks
Type: Mitigation
Description: Scanning pull requests to detect risks allows for early detection of vulnerable code and/or dependencies and helps mitigate potentially malicious code. For every repository in use, enforce risk scanning on every pull request.
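
One way to apply the checksum comparison from M1500 to the compiler or interpreter itself, as an added example that is not part of the original page: every file in a toolchain directory is checked against a pinned manifest, and altered, missing or unlisted files are reported. The `sha256sum`-style manifest format, the function names and the sample tree are assumptions; the sample data is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large toolchain binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <relative path>'."""
    pins = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, sep, name = line.strip().partition("  ")
        if not sep or len(digest) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        pins[name] = digest.lower()
    return pins

def verify_toolchain(root, pins):
    """Return (path, problem) findings; an empty list means the tree matches."""
    root = Path(root)
    findings = []
    for name, expected in sorted(pins.items()):
        if not (root / name).is_file():
            findings.append((name, "missing"))
        elif sha256_file(root / name) != expected:
            findings.append((name, "checksum mismatch"))
    # Files the trusted source never listed are reported too, not ignored.
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    findings += [(n, "not in manifest") for n in sorted(present - set(pins))]
    return findings

def demo():
    """Constructed sample tree; a real manifest comes from the trusted source."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "cc").write_bytes(b"constructed compiler bytes")
        (root / "bin" / "interp").write_bytes(b"constructed interpreter bytes")
        names = ("bin/cc", "bin/interp")
        pins = parse_manifest("".join(f"{sha256_file(root / n)}  {n}\n" for n in names))
        clean = verify_toolchain(root, pins)
        (root / "bin" / "cc").write_bytes(b"constructed compiler bytes, altered")
        (root / "bin" / "helper").write_bytes(b"file the manifest never listed")
        return clean, verify_toolchain(root, pins)
```

A build step would fail closed whenever `verify_toolchain` returns a non-empty list. The manifest has to be fetched over a channel separate from the toolchain download, otherwise both can be changed together.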
