
This Week in Malware - Ongoing dependency confusion

This week in malware, Sonatype's automated malware detection systems have flagged over four dozen packages on both the npm and PyPI registries. Most of these packages are dependency confusion candidates published as proof-of-concept (PoC) exercises by security enthusiasts and bug bounty hunters.

npm and PyPI Dependency Confusion Candidates

This week, Sonatype's automated malware detection system, offered as part of Sonatype Repository Firewall, flagged the following packages on the npm and PyPI registries:


This discovery follows last week's report, which listed 120+ packages we had identified as malware and/or dependency confusion packages.
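As an added illustration of the exposure these dependency confusion candidates probe for (example code written for this post, not Sonatype's detection system; the internal package names, owned scopes and public-registry snapshot are all constructed), the following check reports which internal package names a same-named public package could shadow:

```python
"""Dependency confusion exposure check (constructed example).

Compares a project's internally published package names against a snapshot
of names present on the public registry. The public data is an in-memory
set constructed for the example, not a live registry query.
"""
import re
from typing import Dict, Optional, Set

# Constructed sample: names an organisation publishes only to a private registry.
INTERNAL_PACKAGES = {
    "@acme/shared-utils",   # scoped under a scope the organisation owns publicly
    "@acme-labs/widgets",   # scoped under a scope nobody has claimed publicly
    "acme-billing-core",    # unscoped internal name
    "acme-auth-client",     # unscoped internal name
}

# Constructed snapshot of names observed on the public registry.
PUBLIC_REGISTRY = {"acme-billing-core", "lodash", "requests"}

# Scopes the organisation has actually registered on the public registry.
OWNED_SCOPES = {"@acme"}


def scope_of(name: str) -> Optional[str]:
    """Return the npm scope ('@org') of a package name, or None if unscoped."""
    m = re.match(r"^(@[^/]+)/", name)
    return m.group(1) if m else None


def assess(internal: Set[str], public: Set[str], owned: Set[str]) -> Dict[str, str]:
    """Map each at-risk internal name to a finding; safe names are omitted."""
    findings = {}
    for name in sorted(internal):
        scope = scope_of(name)
        if scope in owned:
            continue  # an owned public scope cannot be claimed by a third party
        if scope:
            findings[name] = "unowned-scope"       # anyone could register the scope
        elif name.lower() in public:
            findings[name] = "public-collision"    # a public package already exists
        else:
            findings[name] = "unregistered-name"   # free for anyone to publish
    return findings


if __name__ == "__main__":
    for pkg, finding in assess(INTERNAL_PACKAGES, PUBLIC_REGISTRY, OWNED_SCOPES).items():
        print(f"{finding:18} {pkg}")
```

A "public-collision" finding is the situation the flagged packages above create; "unregistered-name" and "unowned-scope" are the conditions that make such a collision possible in the first place.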

Turn on Sonatype Repository Firewall for automatic protection

As a DevSecOps organization, we remain committed to identifying and halting threats to open source developers and the wider software supply chain.

Users of Sonatype Repository Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.


Sonatype Repository Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in progress, thereby keeping your software supply chain protected from the start.

Sonatype's world-class security research data, combined with our automated malware detection technology, safeguards your developers, customers, and software supply chain from infections.


Written by Ax Sharma

Ax is a Staff Security Researcher & Malware Analyst at Sonatype with a penchant for open source software. His works and expert analyses have frequently been featured by leading media outlets including the BBC. Ax's expertise lies in security vulnerability research, reverse engineering, and cybercrime investigations. He has a passion for educating a wide range of audiences through writing and vlogs.