The execution of QuasarRAT would allow the attacker to establish command and control over affected Windows endpoints.
Author: Poppaea McDermott
Trusty is a free-to-use web app from Stacklok that analyzes data about thousands of open source packages and ranks them based on their supply chain risk. Trusty looks at factors like repo and author activity; the presence of security best practices, like artifact signing; and the presence of malicious activity, like typosquatting and starjacking.
Earlier this week, Trusty's threat analysis system, developed by Stacklok, flagged the noblox-ts package as suspicious. Read on for our analysis of this package.
Discovering the attack
Trusty's scoring for this package, as shown in its UI, appears below:
Starjacking is a tactic used by threat actors to misdirect users into downloading a malicious package by imitating a popular or highly-rated project. The information copied can include metadata such as the description and star rating.
Trusty ingests package provenance information, allowing the identification of anomalies around source of origin.
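One way to turn the provenance idea above into a concrete check, as an added example that is not code from the Trusty post or from Stacklok: the registry metadata for a package names a source repository, and the check confirms that the repository's own manifest names the package back, so that the stars and activity displayed for the package actually belong to it. The repository and the legitimate package below are constructed placeholders; only the suspect package name comes from the post.

```python
# Minimal starjacking check: does the repo a package claims as its origin
# claim the package back? If not, the stars shown for the package are inherited.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class RegistryRecord:
    name: str             # package name as published on the registry
    repository_url: str   # repo URL claimed in the registry metadata
    stars_displayed: int  # stars a registry UI would show, taken from that repo


def normalize_repo(url: str) -> Optional[str]:
    """Reduce a GitHub URL to lower-case 'owner/repo'; None if not a GitHub URL."""
    m = re.search(r"github\.com[/:]([\w.-]+)/([\w.-]+?)(?:\.git)?/?$", url)
    return f"{m.group(1)}/{m.group(2)}".lower() if m else None


def starjacking_findings(record: RegistryRecord,
                         repo_manifests: Dict[str, dict]) -> List[str]:
    """Return provenance findings for one package; an empty list means the
    claimed repo corroborates the link by publishing this package name."""
    repo = normalize_repo(record.repository_url)
    if repo is None:
        return ["repository URL missing or not a GitHub URL; origin unverifiable"]
    manifest = repo_manifests.get(repo)
    if manifest is None:
        return [f"linked repo {repo} does not exist or has no manifest"]
    declared = manifest.get("name")
    if declared != record.name:
        return [f"repo {repo} publishes '{declared}', not '{record.name}': "
                f"the {record.stars_displayed} stars shown are inherited, not earned"]
    return []


# Constructed sample data: 'noblox-ts' is the package named in the post; the
# repository and the legitimate package are placeholders, not real projects.
REPO_MANIFESTS = {
    "example-org/example-lib": {"name": "example-lib"},
}
LEGIT = RegistryRecord("example-lib", "https://github.com/example-org/example-lib.git", 1200)
SUSPECT = RegistryRecord("noblox-ts", "https://github.com/example-org/example-lib", 1200)

if __name__ == "__main__":
    for rec in (LEGIT, SUSPECT):
        print(rec.name, starjacking_findings(rec, REPO_MANIFESTS) or ["ok"])
```

In a real pipeline the manifest lookup would fetch the repository's package.json at the referenced commit; a package whose claimed repo never names it is the pattern to alert on.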
Top comments (1)
The "DestroyLoneliness" npm starjacking attack targeting Roblox's noblox-ts highlights critical supply chain risks for developers. By delivering QuasarRAT, attackers exploited trust in open-source libraries. Tools like Trusty from Stacklok help detect such threats by analyzing provenance and activity, making it easier to identify safe dependencies.
For Roblox scripting, using a reliable tool like Delta Executor is a safer choice. Known for its security and consistent performance, Delta Executor minimizes risks associated with malicious scripts or compromised libraries. Always prioritize trusted tools and audit your dependencies to keep your projects secure.