Researchers Uncover 700+ Malicious Open Source Packages
1 min read
Feb 22, 2023
Security researchers have discovered another sizeable haul of malicious packages on the npm and PyPI open source registries, which could cause issues if unwittingly downloaded by developers.
In January, Sonatype said it found 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more.
The discoveries by the firm’s AI tooling brings its total haul to nearly 107,000 packages flagged as malicious, suspicious or proof-of-concept since 2019.
It includes multiple packages that contain the same malicious package.go file – a Trojan designed to mine cryptocurrency from Linux systems. Sixteen of these were traced to the same actor, trendava, who has now been removed from the npm registry, according to Sonatype.
Separate finds include PyPI malware “minimums,” which is designed to check for the presence of a virtual machine (VM) before executing. The idea is to disrupt attempts by security researchers, who often run suspected malware in VMs, to find out more about the threat.
Related Articles
1 - 0 min read
SPDX 3.0 Revolutionizes Software Management & Security
1 - 0 min read
White House Warns: Move to Memory-Safe Languages
1 - 0 min read
Open Source is Not Insecure, Despite Common Misconceptions
1 - 0 min read
Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros
