Checkmarx: Attackers Hijacking GitHub Ratings to ‘Infect As Many Targets As Possible’

Cybersecurity company Checkmarx said it has discovered that hackers can effectively hijack GitHub’s star ratings of open-source products to trick developers into downloading malicious code. In a blog post, Checkmarx’s Tzachi “Zack” Zornstein and Aviad Gershon warn that the entire cyber-scam, which they’re calling “StarJacking,” ultimately relies upon the credibility that many people attach to star-rating systems for various products. The more popular a product, some people reason, the better the product.