News and Notes from the Makers of Nexus | Sonatype Blog

This Week in Malware - Almost 100 packages

Written by Aaron Linskens | September 16, 2022

This week in malware we discovered and analyzed over seven dozen packages flagged as malicious, suspicious, or as dependency confusion attacks.

Malicious packages caught by Sonatype

We caught the following this week via Sonatype's automated malware detection system, offered as part of Sonatype Repository Firewall:

28hsiwhji
@arkadium/eagle-user-client
@ay-cms/cms-web-sdk
@bi-crm/api
@bi-crm/config
@bi-crm/gcloud
@bi-crm/logging
@bi-crm/services
@bi-crm/util
@cloud-panel/add-on-utils
@cloud-panel/components
@cloud-panel/element-theme-scayle
@cloud-panel/icons
@cloud-panel/single-spa-vue
@cloud-panel/tailwind-base
@creditkudos/design-foundations
@cseousage/cseousagetelemetrymodel
@elisaid/elisaid-js-client
@iamexperiences/ecos-telemetry
@iamexperiences/react-auth
@iamexperiences/suite-header
@m365-feedback/scripts
@newfold-labs/wp-module-ecommerce
@test-cms/ui-library
aws-xray-sdk-fastify
beaker-virtual-fs
bls-signer
browserify-snap
btcrelay-sol
builtin-pages-lib
chimera-dom
chrome-ssh-agent
ciscosparksdk
com.atteneder.gltfast
com.unity.film-internal-utilities
com.unity.selection-groups
common-web-frontend-styling
core-better
docusaurus-plugin-name
dogwhohacks-research-security-do-not-install
ember-cli-htmlbars-3
endpoint-sdk
faustwp
fire-marshal-ebay
fleetrouting-app
fleetrouting-app-backend
ganache-cli-coverage
hackmebankdkorrrevshell24hagain
herokujs009
hyrule-react-commons
jose-openid-client
kashi
lldb-vscode
medtimeline
monorepo-base
neurosoftmaliciouspackage
node_resolve_main
outline-site
package-watcher
pages-plugins-example
pocketnet
polkabtc-ui
portableonboarding
react-router-stable
react18
rhyselsmore-research-security
rhyselsmore-research-security
sa-docs-to-json
sample-travis-ci
starknet-dai-keeper
stitch-fix-men
tessssssssss
test_swarthy
testfromhere
tiffany-contracts
ts-petstore-client
uol-host-ui
vendors-stub
vulnerable-dependency
wagmi-example
workers-chat-demo
wrangler-dev-api-app
www-error
www-search
www-server
zalopay-api
zohocomponents-angular
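One check a defender can run against a list like the one above is to match it against what a project actually installs. The following Python is an added example, not Sonatype's code or a tool from this post: it parses an npm lockfile (both the nested v1 `dependencies` tree and the flat v2/v3 `packages` map) and reports any installed package whose name appears in a block list. The `FLAGGED_PACKAGES` set holds only a handful of names taken from the list above, and both lockfiles are constructed inline for the example.

```python
"""Check an npm lockfile against a block list of flagged package names."""
import json
from typing import Dict, Iterable, List, Set

# Constructed subset of the names from this week's list (not the full list).
FLAGGED_PACKAGES = frozenset({
    "@bi-crm/api",
    "aws-xray-sdk-fastify",
    "react-router-stable",
    "react18",
    "vulnerable-dependency",
})


def package_name_from_lock_path(path: str) -> str:
    """Map a lockfile v2/v3 'packages' key to a package name.

    Keys look like 'node_modules/foo' or, for nested installs,
    'node_modules/foo/node_modules/@scope/bar'; the package name is
    whatever follows the last 'node_modules/' segment. The empty key
    is the root project itself and yields ''.
    """
    if not path:
        return ""
    _, _, tail = path.rpartition("node_modules/")
    return tail


def installed_packages(lock: Dict) -> Set[str]:
    """Collect every package name the lockfile pins, any lockfile version."""
    names: Set[str] = set()

    # lockfileVersion 2/3: flat map keyed by install path.
    for path in lock.get("packages", {}):
        name = package_name_from_lock_path(path)
        if name:
            names.add(name)

    # lockfileVersion 1: nested tree keyed by package name.
    def walk(deps: Dict) -> None:
        for name, meta in deps.items():
            names.add(name)
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return names


def find_flagged(lock: Dict, blocklist: Iterable[str] = FLAGGED_PACKAGES) -> List[str]:
    """Return the sorted names that are both installed and on the block list."""
    return sorted(installed_packages(lock) & set(blocklist))


# Constructed lockfileVersion 3 sample: one flagged top-level package and one
# flagged package nested under another dependency.
SAMPLE_LOCK_V3 = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/react": {"version": "18.2.0"},
        "node_modules/react18": {"version": "1.0.0"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/@bi-crm/api": {"version": "0.0.1"},
    },
}

# Constructed lockfileVersion 1 sample with a flagged transitive dependency.
SAMPLE_LOCK_V1 = {
    "name": "legacy-app",
    "lockfileVersion": 1,
    "dependencies": {
        "express": {
            "version": "4.18.2",
            "dependencies": {"vulnerable-dependency": {"version": "1.0.0"}},
        }
    },
}


def scan_lockfile(path: str, blocklist: Iterable[str] = FLAGGED_PACKAGES) -> List[str]:
    """Load a real package-lock.json from disk and report flagged packages."""
    with open(path, encoding="utf-8") as fh:
        return find_flagged(json.load(fh), blocklist)


if __name__ == "__main__":
    for label, lock in (("v3", SAMPLE_LOCK_V3), ("v1", SAMPLE_LOCK_V1)):
        print(label, find_flagged(lock))
```

A real block list should be refreshed from an authoritative feed rather than pasted from a blog post; the matching logic stays the same whatever the source of the names.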

These discoveries follow our report last week of dependency confusion candidates published as proof-of-concept (PoC) exercises by security enthusiasts and bug bounty hunters.

Turn on Sonatype Repository Firewall for automatic protection

As a DevSecOps organization, we remain committed to identifying and halting attacks, such as those mentioned above, against open source developers and the wider software supply chain.

Users of Sonatype Repository Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.

Sonatype Repository Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in progress, thereby keeping your software supply chain protected from the start.

Sonatype's world-class security research data, combined with our automated malware detection technology, safeguards your developers, customers, and software supply chain from infections.