
Sonatype warns of 18,000 open source malware packages

Friday April 4, 2025. 02:10 AM , from InfoWorld
Software supply chain security company Sonatype uncovered 17,954 open-source malware packages during Q1 2025, the company revealed in its Open Source Malware Index.

Sonatype’s Open Source Malware Index for Q1 2025 was introduced April 2. A proliferation of open source malware, or malicious open source packages, poses unprecedented risk in the form of software supply chain attacks, the company said. Open source malware is intentionally crafted to target developers in order to infiltrate and exploit software supply chains, according to Sonatype.

The index examines evolving trends in open source malware and key shifts in malicious open source packages across ecosystems. Data for Q1 2025 showed a notable shift in the types of threats targeting software developers, with more than half of the malware aimed at exfiltrating sensitive data, Sonatype said.

To create the index, Sonatype examined a broad set of open source package consumption data and proprietary data, including malicious packages blocked by Sonatype Firewall. Sonatype also examined dependency update patterns for more than 1.5 trillion requests from Maven Central and thousands of open source projects, and analyzed malicious packages observed in the Java (Maven Central), JavaScript (npm), Python (PyPI), and .NET (NuGet) ecosystems.

Key findings of the Open Source Malware Index for Q1 2025 include the following:

56% of malware discovered in Q1 2025 was related to data exfiltration, designed to harvest sensitive data from infected systems. This was a dramatic increase from 26% in Q4 2024.

Crypto-mining malware made up 7% of malicious packages discovered in Q1 2025, doubling from 3.55% in Q4 2024.

Sonatype said it helped block more than 20,000 open source malware attacks in Q1 2025, with 66% of these at financial services companies, 14% at government organizations, and 7% at oil and gas utilities.

80% of logged packages in Q1 2025 consisted of more sophisticated and threatening types of malware, such as droppers and code injection malware.
https://www.infoworld.com/article/3953841/sonatype-warns-of-18000-open-source-malware-packages.html

News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network