Proposal: Add Attack Type Classification to Malware Advisories

[mlouthain]

Proposal: Add Attack Type Classification to Malware Advisories

Problem Statement

The current malware advisory system in the GitHub Advisory Database creates a significant security coverage gap. Dependabot suppresses all malware advisories due to high false positive rates from substitution attacks, but this blanket suppression also prevents alerts for critical threats like legitimate maintainer account compromises.

Recent Critical Incidents Missed by Dependabot

September 8-9, 2025: The qix account compromise affected 18+ popular packages (chalk, debug, ansi-styles) with 2+ billion weekly downloads. Malware was designed to steal cryptocurrency by intercepting wallet transactions.

• Advisory: GHSA-8mgj-vmr8-frr6 (debug), GHSA-ch7m-m9rf-8gvv (color-convert), etc.
• Result: Dependabot users received NO alerts despite critical compromise

August 26, 2025: The nx package compromise affected 3.5M+ weekly downloads, harvesting credentials, GitHub tokens, and cryptocurrency wallets from developer machines.

• Advisory: GHSA-cxm3-wv7p-598c
• Result: Dependabot users received NO alerts despite supply chain injection

Current Advisory Quality Issues

Malware advisories currently use generic boilerplate text regardless of attack type:

Any computer that has this package installed or running should be considered fully compromised. 
All secrets and keys stored on that computer should be rotated immediately from a different computer...

This provides no actionable intelligence to distinguish between:

• Low-impact substitution attacks (typosquatting, registry confusion)
• High-impact account compromises (legitimate maintainer takeovers)
• Supply chain injections (CI/CD pipeline compromises)

Proposed Solution

Add Attack Type Classification to Malware Advisories

Extend the OSV format's database_specific field to include structured attack metadata:

{
  "database_specific": {
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-09T...",
    "attack_type": "account-compromise",
    "attack_vector": "phishing",
    "payload_classification": "credential-stealer",
    "scope": "single-maintainer"
  }
}

Proposed Attack Type Taxonomy

1. substitution - Registry confusion, typosquatting, name similarity attacks
2. account-compromise - Legitimate maintainer account takeovers
3. supply-chain-injection - CI/CD pipeline compromises, build system attacks
4. direct-malware - Intentionally malicious packages from malicious actors
5. infrastructure-compromise - Third-party infrastructure takeovers (like fsevents cloud storage)

Enhanced Dependabot Logic

This would enable selective alerting:

• Alert on: account-compromise, supply-chain-injection, direct-malware, infrastructure-compromise
• Suppress by default: substitution (with user opt-in available)

Benefits

1. Addresses Critical Security Gap

• Restores Dependabot coverage for legitimate high-impact threats
• Maintains noise reduction for substitution attacks
• Provides actionable threat intelligence

2. Improves Data Quality

• Forces structured analysis instead of generic templates
• Enables better threat intelligence and trend analysis
• Supports more sophisticated security tooling

3. Maintains Backward Compatibility

• Uses existing OSV database_specific extensibility
• No breaking changes to current advisory format
• Graceful degradation for tools that don't support new fields

4. Industry-Wide Impact

• Other security tools can leverage structured threat data
• Enables research on attack trends and patterns
• Sets precedent for structured malware classification

Implementation Path

Phase 1: npm Security Team Enhancement

• npm security team adds attack type classification during initial malware analysis
• Updates data pipeline to GitHub Advisory Database

Phase 2: GitHub Advisory Database Integration

• Add attack type fields to malware advisory templates
• Update OSV export format to include structured metadata
• Maintain API backward compatibility

Phase 3: Dependabot Logic Updates

• Implement selective alerting based on attack types
• Monitor false positive/negative rates

Technical Considerations

OSV Schema Compatibility

The OSV format explicitly supports this via database_specific fields:

"The database_specific field is a JSON object holding additional information... entirely defined by the database and beyond the scope of this document."

Precedent for Structured Metadata

GitHub already provides structured prioritization data:

• CVSS scores and severity ratings
• CWE identifiers
• EPSS scores for exploit likelihood

Attack type classification follows this established pattern.

Call to Action

Short-term: Begin classifying new malware reports with attack types
Medium-term: Implement Dependabot selective alerting

The recent chalk/debug and nx incidents demonstrate that the current system fails to protect developers from the most serious supply chain threats. This proposal provides a practical solution that balances security coverage with noise reduction.

---

External References:

• OSV Schema Documentation
• Recent npm account compromise analysis
• nx supply chain attack details