This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
We caught the following this week via Sonatype's automated malware detection system, offered as a part of Sonatype Repository Firewall:
@behemothx00/cacademee
@behemothx00/webpinger
@behemothx00/webpinger1
@ibmsss/test
@malware-test-jiaos-sluse-tired-haulm/test-mlw3-jiaos-sluse-tired-haulm
@malware-test-jujus-plied-glops-jiver/test-mlw3-jujus-plied-glops-jiver
@malware-test-mixed-first-snees-kibes/test-mlw3-mixed-first-snees-kibes
@malware-test-tanga-pence-dance-muist/test-mlw3-tanga-pence-dance-muist
aae-stream
asdljnsdl
aspect-node-playground
b2-sdk-python
ceedee
discord.js-lukyy
evm-script-decoder
faizee.asad
iamvpnlibrary
inbm-lib
kash1338
kashem1337
kashm1337
luciad
my-little-snippet
ololol
pp31338
protonvpn-nm-lib
pyproximabe
rabin-sharmakobau
raspius
sdljnsdl
sfox-ecdsa
tesla-faas2
test-mlw1-jujus-plied-glops-jiver
test-mlw1-murva-laugh-palps-peace
test-mlw1-table-araba-druse-stich
trin-axios
webp1nger
These discoveries follow our report last week of over 50 packages discovered.
As a DevSecOps organization, we remain committed to identifying and halting attacks, such as those mentioned above, against open source developers and the wider software supply chain.
Users of Sonatype Repository Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.
Sonatype Repository Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in progress, thereby keeping your software supply chain protected from the start.
Sonatype's world-class security research data, combined with our automated malware detection technology safeguards your developers, customers, and software supply chain from infections.