Mobile Threat Catalogue

Subassembly Malware


Threat Category: Supply Chain

ID: SPC-18

Threat Description: An adversary with access to software being integrated into a system during a subassembly manufacturing process can embed malware into a sub-assembly.1

Threat Origin

Supply Chain Attack Framework and Attack Patterns 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


  1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;  2