CAPEC-691 Detail
Spoof Open-Source Software Metadata
Standard; Social Engineering, Supply Chain, Software; Likelihood: Medium; Typical Severity: High
Parents: 690
Children: 692 693
An adversary spoofs open-source software metadata in an attempt to masquerade malicious software as popular, maintained, and trusted.
Due to open-source software's popularity, it serves as a desirable attack vector for adversaries since a single malicious component may result in the exploitation of numerous systems/applications. Adversaries may, therefore, spoof the metadata pertaining to the open-source software in order to trick victims into downloading and using their malicious software. Examples of metadata that may be spoofed include:
- Owner of the software (e.g., repository or package owner)
- Author(s) of repository commits
- Frequency of repository commits
- Date/Time of repository commits
- Package or Repository "stars"

Once the malicious software component has been integrated into an underlying application or executed on a system, the adversary is ultimately able to achieve numerous negative technical impacts within the system/application. This often occurs without any indication of compromise.
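The commit author and commit date/time items in the list above are plain text fields inside each Git commit object. The following added example (not part of the CAPEC entry) parses a raw commit and lists reasons to treat those claims as unverified; the sample commit, the function names and the 30-day skew threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout printed by `git cat-file -p <commit>`.
SAMPLE_COMMIT = """\
tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
parent 0000000000000000000000000000000000000001
author Well Known Maintainer <maintainer@example.org> 1262304000 +0000
committer Unknown Person <someone@example.net> 1700000000 +0000

Add extended logging helpers
"""
IDENT = re.compile(r"^(?P<name>.*) <(?P<email>[^>]*)> (?P<ts>\d+) [+-]\d{4}$")

def parse_commit(raw):
    """Return the identity and signature headers of a raw commit object."""
    headers, _, _message = raw.partition("\n\n")
    fields = {"signed": False}
    for line in headers.splitlines():
        if line.startswith(" "):  # continuation of a multi-line header
            continue
        key, _, value = line.partition(" ")
        if key in ("author", "committer"):
            m = IDENT.match(value)
            if m is None:
                raise ValueError(f"malformed {key} line: {value!r}")
            fields[key] = (m["name"], m["email"], int(m["ts"]))
        elif key.startswith("gpgsig"):
            # Presence only; validity still needs `git verify-commit`.
            fields["signed"] = True
    return fields

def review_flags(raw, now=None, max_skew_days=30):
    """List reasons the claimed author and dates deserve a closer look."""
    c = parse_commit(raw)
    now = now or int(datetime.now(timezone.utc).timestamp())
    (_, a_mail, a_ts), (_, c_mail, c_ts) = c["author"], c["committer"]
    flags = []
    if not c["signed"]:
        flags.append("unsigned: author and dates are unverified claims")
    if a_mail.lower() != c_mail.lower():
        flags.append(f"author {a_mail} differs from committer {c_mail}")
    if abs(c_ts - a_ts) > max_skew_days * 86400:  # assumed threshold
        flags.append("author date far from committer date")
    if max(a_ts, c_ts) > now:
        flags.append("timestamp in the future")
    return flags

if __name__ == "__main__":
    print("\n".join(review_flags(SAMPLE_COMMIT)))
```

Each flag is a prompt for manual review rather than a verdict, since rebased or web-merged commits legitimately carry different author and committer values.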
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-691 | capec | https://capec.mitre.org/data/definitions/691.html | |
| CWE-494 | cwe | http://cwe.mitre.org/data/definitions/494.html | |
| T1195.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/001 | Supply Chain Compromise: Compromise Software Dependencies and Development Tools |
| T1195.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/002 | Supply Chain Compromise: Compromise Software Supply Chain |
Not present
- Identification of a popular open-source component whose metadata is to be spoofed.
Not present
| Medium |
|---|
| Ability to spoof a variety of software metadata to convince victims the source is trusted. |
| Integrity | Authorization | Access Control | Accountability |
|---|---|---|---|
| Modify Data | Execute Unauthorized Commands | Execute Unauthorized Commands | Hide Activities |
| | Alter Execution Logic | Alter Execution Logic | |
| | Gain Privileges | Gain Privileges | |
- An adversary provides a malicious open-source library, claiming to provide extended logging features and functionality, and spoofs the metadata with that of a widely used legitimate library. The adversary then tricks victims into including this library in their underlying application. Once the malicious software is incorporated into the application, the adversary is able to manipulate and exfiltrate log data.