CAPEC-447 - Malicious Logic Insertion into Product Software during Update

An attacker manipulates the codebase provided in a software patch, firmware version, or product update so that it contains malicious code. Devices, products, or software then download and execute the attacker's code; the code can also be introduced when the user updates the BIOS of a device. A malicious software update can perform a wide range of actions, depending on the attacker's intent. Of greatest concern are compromised updates that introduce logic bombs, deliberately hidden backdoors or rootkits, self-modifying code, keyloggers, or other means of gaining direct access to an organization's internal network.

Severity

Likelihood

Confidentiality

Integrity

Availability