A few different ways. It could be a supply chain attack as in the applications code base gets taken over by somebody. And what looks like a regular update, puts malicious code on their device.
Or a lot of apps dynamically load code from remote servers so somebody could take over one of those remote servers and inject something malicious into it.
There could be a compromise in their software development kits or SDKs. Meaning that a library that somebody is using could unknowingly get compromised. Therefore putting malicious code in an app without realizing it.
I'm sure there are other ways that I'm missing too.
Enki
npub1gn…merrq
2025-03-20 14:31:05
in reply to nevent1q…ju43
Author Public Key
npub1gnwpctdec0aa00hfy4lvadftu08ccs9677mr73h9ddv2zvw8fu9smmerrqPublished at
2025-03-20 14:31:05Event JSON
{
"id": "8493114ae02ddd402f32f4b792ded65f8bf923ecc1304ac257f46a550e448f95",
"pubkey": "44dc1c2db9c3fbd7bee9257eceb52be3cf8c40baf7b63f46e56b58a131c74f0b",
"created_at": 1742481065,
"kind": 1,
"tags": [
[
"e",
"4341e18ab5ac458eb9b0fea239c6cbd9a26d1d531ce22393505df16bbd52daeb",
"",
"root"
],
[
"p",
"67ada8e344532cbf82f0e702472e24c7896e0e1c96235eacbaaa4b8616052171"
]
],
"content": "A few different ways. It could be a supply chain attack as in the applications code base gets taken over by somebody. And what looks like a regular update, puts malicious code on their device.\n\nOr a lot of apps dynamically load code from remote servers so somebody could take over one of those remote servers and inject something malicious into it.\n\nThere could be a compromise in their software development kits or SDKs. Meaning that a library that somebody is using could unknowingly get compromised. Therefore putting malicious code in an app without realizing it.\n\nI'm sure there are other ways that I'm missing too.",
"sig": "c5bac75ed8ec43a3359156075b1d63967bf1127465247124c89e4549eec5ca366684c75c127551c2167e915b84946ddcfe5a72ada7e02c48a103427e84e5e2a6"
}