Package Starjacking

Tags

ATT&CK Tactic

Initial Access (TA0001)

Incidents

Cloud tools imitation campaign

References

https://medium.com/checkmarx-security/starjacking-making-your-new-open-source-package-popular-in-a-snap-f52204e180cc

Last edited

Jan 23, 2024 6:33 PM

Status

Stub

About

Starjacking is the act of linking a package hosted on a package manager to a different unrelated package’s repository on GitHub. Unsuspecting developers are then tricked into thinking it is a trustworthy package.