Developers face a torrent of malware threats as malicious open source packages surge 188%
Briefly

The growth of open source malware is alarming: Sonatype reports 16,279 malicious packages across key ecosystems such as npm and PyPI last quarter, a 188% increase on the same period the previous year. Data exfiltration is the primary threat vector, present in 55% of the malicious packages; more than 4,400 of them were built specifically to steal sensitive data, while data-corrupting malware and cryptominers also feature prominently. Because attackers are tuning their exfiltration techniques to evade detection, developers and security teams need to scrutinise the dependencies they pull in rather than assume a package is safe because it is popular or familiar.
"Attackers are no longer simply experimenting with open source. The numbers are telling us that threat actors have identified data as the most profitable target, and developers as the easiest way in."
"Developers and security teams must be vigilant, as threats increasingly hide in plain sight within everyday tools and dependencies."
Read at IT Pro