CAPEC-691: Spoof Open-Source Software Metadata

Description
An adversary spoofs open-source software metadata in an attempt to masquerade malicious software as popular, maintained, and trusted.
Extended Description

Due to open-source software's popularity, it serves as a desirable attack-vector for adversaries since a single malicious component may result in the exploitation of numerous systems/applications. Adversaries may, therefore, spoof the metadata pertaining to the open-source software in order to trick victims into downloading and using their malicious software. Examples of metadata that may be spoofed include:

  • Owner of the software (e.g., repository or package owner)
  • Author(s) of repository commits
  • Frequency of repository commits
  • Date/Time of repository commits
  • Package or Repository "stars"

Once the malicious software component has been integrated into an underlying application or executed on a system, the adversary is ultimately able to achieve numerous negative technical impacts within the system/application. This often occurs without any indication of compromise.
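The following script is an added defender-side example and is not part of the CAPEC entry. It applies simple consistency heuristics to the kinds of metadata listed above (commit authors, commit dates and commit frequency) to surface signs that a repository's history may have been fabricated or that a trusted maintainer's identity is being borrowed. The commit records, the `TRUSTED_AUTHORS` list, the thresholds and the `signed` field (standing in for a real signature verification) are all constructed for illustration.

```python
"""Heuristic checks for spoofed repository metadata (added example)."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed: maintainers and the e-mail addresses they are known to
# commit from. In practice this comes from a previously vetted release,
# signed tags, or the project's own maintainer list.
TRUSTED_AUTHORS = {
    "Well Known Maintainer": {"wkm@example.org"},
}

# Constructed commit records in the shape of parsed `git log` output.
# 'signed' stands in for the result of a real signature verification.
SAMPLE_COMMITS = [
    # Consistent commit: known e-mail, signed, dates agree.
    {"sha": "c001", "author_name": "Well Known Maintainer",
     "author_email": "wkm@example.org",
     "author_date": "2023-03-01T09:15:00+00:00",
     "committer_date": "2023-03-01T09:15:00+00:00", "signed": True},
    # Trusted name paired with an unfamiliar e-mail and no signature.
    {"sha": "c002", "author_name": "Well Known Maintainer",
     "author_email": "wkm@mail-example.net",
     "author_date": "2023-04-10T12:00:00+00:00",
     "committer_date": "2023-04-10T12:00:00+00:00", "signed": False},
    # Author date years before committer date: history looks older than it is.
    {"sha": "c003", "author_name": "Dev One", "author_email": "dev1@example.com",
     "author_date": "2019-06-01T08:00:00+00:00",
     "committer_date": "2024-05-20T01:00:00+00:00", "signed": False},
    # Three commits stamped with the identical second: bulk-generated activity.
    {"sha": "c004", "author_name": "Dev One", "author_email": "dev1@example.com",
     "author_date": "2024-05-20T01:00:00+00:00",
     "committer_date": "2024-05-20T01:00:00+00:00", "signed": False},
    {"sha": "c005", "author_name": "Dev One", "author_email": "dev1@example.com",
     "author_date": "2024-05-20T01:00:00+00:00",
     "committer_date": "2024-05-20T01:00:00+00:00", "signed": False},
    {"sha": "c006", "author_name": "Dev One", "author_email": "dev1@example.com",
     "author_date": "2024-05-20T01:00:00+00:00",
     "committer_date": "2024-05-20T01:00:00+00:00", "signed": False},
    # Commit dated after the audit time.
    {"sha": "c007", "author_name": "Dev One", "author_email": "dev1@example.com",
     "author_date": "2025-01-01T00:00:00+00:00",
     "committer_date": "2025-01-01T00:00:00+00:00", "signed": False},
]


def parse(ts):
    """Parse an ISO 8601 timestamp with offset into an aware datetime."""
    return datetime.fromisoformat(ts)


def audit_commits(commits, trusted_authors=TRUSTED_AUTHORS, now=None,
                  max_date_skew=timedelta(days=30), burst_threshold=3):
    """Return (sha, reason) findings for commits whose metadata is inconsistent.

    Each finding is an indicator for review, not proof of tampering.
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    # Count how many commits share each exact author timestamp.
    stamp_counts = Counter(c["author_date"] for c in commits)
    for c in commits:
        a_date, c_date = parse(c["author_date"]), parse(c["committer_date"])
        known_emails = trusted_authors.get(c["author_name"])
        if known_emails is not None and c["author_email"] not in known_emails:
            findings.append((c["sha"], "trusted author name with unknown e-mail"))
        if known_emails is not None and not c["signed"]:
            findings.append((c["sha"], "unsigned commit attributed to trusted author"))
        if abs(c_date - a_date) > max_date_skew:
            findings.append((c["sha"], "author/committer dates diverge"))
        if a_date > now or c_date > now:
            findings.append((c["sha"], "commit dated in the future"))
        if stamp_counts[c["author_date"]] >= burst_threshold:
            findings.append((c["sha"], "burst of identically timestamped commits"))
    return findings


def audit_sample():
    """Run the audit over the constructed history at a fixed audit time."""
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    return audit_commits(SAMPLE_COMMITS, now=fixed_now)


if __name__ == "__main__":
    for sha, reason in audit_sample():
        print(f"{sha}: {reason}")
```

The thresholds are deliberately loose; a real review would tune them to the project's cadence and combine them with signature verification against the maintainers' published keys rather than trusting a name or e-mail string on its own.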

Severity:

High

Possibility:

Medium

Type:

Standard

Prerequisites


  • Identification of a popular open-source component whose metadata is to be spoofed.

Skills required


  • Medium: Ability to spoof a variety of software metadata to convince victims the source is trusted.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.