- Home
- Techniques
- Mobile
- Drive-by Compromise
Drive-by Compromise
As described by Drive-by Compromise, a drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is targeted for exploitation. For example, a website may contain malicious media content intended to exploit vulnerabilities in media parsers as demonstrated by the Android Stagefright vulnerability [1].
(This technique was formerly known as Malicious Web Content. It has been renamed to better align with ATT&CK for Enterprise.)
Procedure Examples
Name | Description |
---|---|
INSOMNIA |
INSOMNIA has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.[2] |
Pegasus for iOS |
Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.[3] |
Stealth Mango |
Stealth Mango is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.[4] |
Mitigations
Mitigation | Description |
---|---|
Security Updates | |
Use Recent OS Version |