Build Script Tampering

Build Script Tampering is a sophisticated sub-technique under Resource Development/Compromised Code Signing and Build Infrastructure in which adversaries manipulate build scripts to inject malicious code during the software build process. Adversaries target build scripts (such as Makefiles, Gradle scripts, or CI/CD configuration files) to modify compilation parameters, insert unauthorized dependencies, or execute unauthorized commands when the build is triggered. This approach is particularly effective because it leverages trusted automation systems and can affect all downstream software artifacts produced by the build pipeline. By tampering with build scripts rather than the source code itself, attackers can maintain a lower profile, because these modifications often undergo less scrutiny than direct source code changes, especially in environments with complex build systems. The resulting compromised software contains the malicious code while appearing legitimate to end users, since it has been signed and distributed through official channels. This allows attackers to establish persistence, collect sensitive data, or create backdoors across all systems where the compromised software is deployed.
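Because build-script changes tend to get less review than source changes, one defensive check is to hash every build-definition file and compare the result against a baseline recorded at the last reviewed release. The following is an added example, not code from the original page; the watch list of file names and the constructed sample repository are assumptions.

```python
import fnmatch, hashlib, os, tempfile

# Assumed watch list (not from the page): common build-definition file names.
BUILD_PATTERNS = ["Makefile", "*.mk", "build.gradle", "build.gradle.kts", "settings.gradle",
                  "Jenkinsfile", ".gitlab-ci.yml", ".github/workflows/*.yml"]

def is_build_script(rel_path):
    """True if the repo-relative path or its basename matches the watch list."""
    rel = rel_path.replace(os.sep, "/")
    base = rel.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatchcase(rel, p) or fnmatch.fnmatchcase(base, p)
               for p in BUILD_PATTERNS)

def snapshot(root):
    """Map each build script under root to the SHA-256 of its contents."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if is_build_script(rel):
                with open(full, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report build scripts added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }

def demo():
    """Constructed repo: take a baseline, then change build scripts and source."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("Makefile", "all:\n\tcc -O2 -o app src/main.c\n")
        write("build.gradle", "plugins { id 'java' }\n")
        write("src/main.c", "int main(void) { return 0; }\n")
        baseline = snapshot(root)  # stored alongside the reviewed release
        write("Makefile", "all:\n\tcc -O2 -o app src/main.c extra.o\n")  # build rule changed
        write(".github/workflows/release.yml", "on: push\n")             # new CI config
        write("src/main.c", "int main(void) { return 1; }\n")            # source: not tracked
        return compare(baseline, snapshot(root))
```

In a pipeline, the baseline would be kept outside the repository being built, so a change to the build scripts cannot also rewrite the record it is checked against.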