The execution of QuasarRAT would allow the attacker to establish command and control over affected Windows endpoints.
Author: Poppaea McDermott
Trusty is a free-to-use web app from Stacklok that analyzes data about thousands of open source packages and ranks them based on their supply chain risk. Trusty looks at factors like repo and author activity; the presence of security best practices, like artifact signing; and the presence of malicious activity, like typosquatting and starjacking.
Earlier this week, Trusty's threat analysis system, developed by Stacklok, flagged the noblox-ts package as suspicious. Read on for our analysis of this package.
Discovering the attack
Trusty's scoring UI for this package is shown below:
Starjacking is a tactic used by threat actors to misdirect users into downloading a malicious package by imitating a popular or highly-rated project. The information copied can include metadata such as the description and star rating.
Trusty ingests package provenance information, which makes it possible to spot anomalies in a package's claimed source of origin.
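The two paragraphs above describe starjacking and why provenance data helps catch it: an impostor package points its `repository` field at a popular project so that registry UIs display that project's stars and description next to it. The following is an added example, not code from Stacklok or Trusty, of the kind of cross-check a provenance system can run. It compares what a package claims (its `name`, `repository` and `maintainers`) against what the referenced repository actually declares (the `name` in its own manifest, and who owns or collaborates on it). All package and repository data here is constructed, and the assumption that registry maintainer names can be matched directly against repository collaborator names is a simplification; a real system would link the two through provenance attestations rather than string equality.

```python
"""Starjacking heuristics over npm-style package metadata (constructed sample data).

An added example (not Trusty's own code). A starjacked package advertises a
popular project's repository URL so that registry UIs show that project's stars
and description next to the impostor. The checks below cross-reference what the
package *claims* against what the referenced repository *actually declares*.
"""
from urllib.parse import urlparse


def normalize_repo_url(repository):
    """Return (host, owner, repo) from an npm-style `repository` value.

    Accepts a dict ({"type": "git", "url": ...}), "git+https://..." URLs,
    plain https URLs, and shorthand like "owner/repo" or "github:owner/repo".
    Returns None when no owner/repo pair can be recovered.
    """
    if isinstance(repository, dict):
        repository = repository.get("url")
    if not repository:
        return None
    url = repository.strip()
    if url.startswith("git+"):
        url = url[4:]
    if url.endswith(".git"):
        url = url[:-4]
    if "://" in url:
        parsed = urlparse(url)
        host = parsed.netloc
        parts = parsed.path.strip("/").split("/")
    else:
        # shorthand forms: "owner/repo" (implicitly GitHub) or "github:owner/repo"
        if ":" in url:
            host, path = url.split(":", 1)
            host = {"github": "github.com"}.get(host.lower(), host)
        else:
            host, path = "github.com", url
        parts = path.strip("/").split("/")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        return None
    return host.lower(), parts[0].lower(), parts[1].lower()


def starjacking_signals(pkg, repo):
    """Return a list of anomaly descriptions; an empty list means nothing looked off.

    pkg:  registry metadata for the published package
          {"name": ..., "repository": ..., "maintainers": [...]}
    repo: what the referenced repository itself declares (fetched by the
          provenance system; constructed here)
          {"manifest_name": ..., "collaborators": [...]}
    """
    signals = []
    ref = normalize_repo_url(pkg.get("repository"))
    if ref is None:
        return ["no parseable repository URL in package metadata"]
    _host, owner, _slug = ref

    # Signal 1: the repository's own manifest names a different package.
    manifest_name = repo.get("manifest_name")
    if not manifest_name:
        signals.append("referenced repository has no manifest naming this package")
    elif manifest_name != pkg["name"]:
        signals.append(
            f"repository manifest is named '{manifest_name}' but package is '{pkg['name']}'"
        )

    # Signal 2: nobody who publishes the package owns or collaborates on the repo.
    # Assumption: maintainer and collaborator names are directly comparable.
    publishers = {m.lower() for m in pkg.get("maintainers", [])}
    repo_people = {owner} | {c.lower() for c in repo.get("collaborators", [])}
    if publishers and not (publishers & repo_people):
        signals.append(
            "no package maintainer is an owner or collaborator of the referenced repository"
        )
    return signals


# Constructed sample data: a legitimate package and an impostor that
# points its repository field at the legitimate project.
LEGIT_PKG = {
    "name": "popular-lib",
    "repository": {"type": "git", "url": "git+https://github.com/acme/popular-lib.git"},
    "maintainers": ["acme-bot"],
}
LEGIT_REPO = {"manifest_name": "popular-lib", "collaborators": ["acme-bot", "jdoe"]}

IMPOSTOR_PKG = {
    "name": "popular-lib-ts",
    "repository": "https://github.com/acme/popular-lib",
    "maintainers": ["newuser42"],
}

if __name__ == "__main__":
    for label, pkg in (("legit", LEGIT_PKG), ("impostor", IMPOSTOR_PKG)):
        found = starjacking_signals(pkg, LEGIT_REPO)
        print(f"{label}: {found or 'no starjacking signals'}")
```

Either signal on its own is only a hint, since many legitimate packages live in monorepos or are published by an organisation account rather than a committer; what makes the impostor case stand out is that both signals fire at once while the package still inherits the upstream project's stars and description in the registry UI.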