Researchers Uncover 7000 Malicious Open Source Packages

Security vendor Sonatype detected 6933 malicious open source packages in the month of March alone, bringing the total discovered since 2019 to 115,165. Info-stealers comprised a significant number of these malicious components, including copycats of the popular W4SP stealer, such as one called “microsoft-helper” from an author self-described as “idklmao.” “The name of the package, microsoft-helper, might be the bad actors’ attempt to disguise its malicious nature, maybe with the goal of potentially adding it as a dependency of a popular package they’ve already owned,” Sonatype explained.

Read full article on Infosecurity

 

