Open Source Malware Index Q3 2025: High-Severity Attacks Surge

By Sonatype Security Research Team

6 minute read time


As open source ecosystems continue to expand, so does the sophistication and aggression of malicious actors targeting them.

In Q3 2025, Sonatype identified 34,319 new open source malware packages, representing a staggering 140% increase from Q2 2025.

The findings in our latest Open Source Malware Index underscore a troubling trend. Attackers are increasingly refining their tactics, aiming for deeper infiltration and greater impact across open source software and artificial intelligence (AI).

Malware Growth Accelerates Across Ecosystems

Sonatype’s latest analysis — powered by Sonatype Repository Firewall, Sonatype Lifecycle, and proprietary Release Integrity data — paints a clear picture: open source malware is not only multiplying, but also maturing.

Sophisticated attacks are replacing low-level "noise": simple, spam-like malware is declining while more complex, targeted threats dominate, an evolution from opportunistic drops to strategic, higher-impact campaigns.

Here's what we saw in Q3 2025:

  • A major campaign compromised the popular npm packages chalk and debug, among others, through an account takeover, impacting projects that collectively receive over 2 billion weekly downloads.

  • A multi-stage attack dubbed Shai-Hulud compromised over 180 npm packages by stealing maintainer credentials and publishing poisoned updates.

  • Data exfiltration malware accounted for 37% of all malicious open source packages detected, highlighting a shift toward intelligence-gathering and monetization of sensitive data, rather than mere disruption or defacement.

  • Droppers skyrocketed by 2,887% to represent 38% of all Q3 threats, suggesting attackers increasingly used open source packages to deliver multi-stage payloads and build more modular, persistent attack chains.

  • Backdoor-laden packages grew 143% over Q2, though they still accounted for just 4% of total threats, signaling a steady rise in persistence-oriented attacks designed to maintain covert, long-term access to compromised environments.

  • Cryptominers continued to decline, making up just 4% of threats compared to 6% last quarter, indicating attackers deprioritized easy-to-detect, low-reward payloads in favor of more advanced and financially motivated techniques.

  • Sonatype blocked 110,270 open source malware attacks for customers in Q3 2025, including more than 8,000 targeting Federal organizations. Financial services organizations defended against the most attacks (47%), followed by business services (14%) and energy and utilities (8%). Notably, government customers experienced a 218% increase in blocked attacks compared to Q1, underscoring the growing focus of adversaries on public sector systems.

As the total number of malicious packages surpassed 877,000, a crucial shift emerged: low-severity malware detections are declining, as adversaries focus on high- and critical-severity malware designed to maximize disruption and data theft.

[Figure: Rolling Malware Index data, Q3 2025]

Developers Remain Prime Targets

This quarter's surge reminds us that attackers increasingly see developers as the new perimeter.

Open source ecosystems — from npm and PyPI to Maven Central and Hugging Face — continue to be fertile ground for malware that masquerades as legitimate packages, tools, and even AI models.

Frequently, these malicious components are meticulously designed to mimic legitimate dependencies, exploiting ordinary developer habits through typosquatting (a package name one typo away from a popular one) and dependency confusion (a public package that shadows the name of an internal, unscoped one and wins resolution because of a higher version number).

Once installed, they can exfiltrate credentials, mine cryptocurrency, or inject backdoors deep into CI/CD pipelines.

Notable Incidents: npm Under Siege

Two major incidents dominated headlines this quarter, each highlighting how trusted ecosystems can become high-impact threat vectors.

A recent hijacking of widely used packages, including chalk and debug, and the Shai-Hulud campaign demonstrated how thoroughly attackers have weaponized trusted open source packages.

These incidents demonstrate that even seasoned developers can become vectors for compromise — and that automated defenses are now essential to detect and block malware at the gate.

Hijacked npm Packages: Chalk and Debug

In one of the most alarming breaches of the year, attackers phished the maintainer of numerous popular npm packages, including chalk and debug, which collectively see more than 2 billion weekly downloads.

The result was a wave of hijacked versions published under legitimate package names and pulled into downstream projects, a stark reminder that social engineering remains one of the most effective tools for software supply chain compromise. Read our full analysis.

Shai-Hulud Worm: The First Self-Replicating npm Malware

Q3 2025 also introduced the Shai-Hulud worm, a first-of-its-kind self-replicating malware targeting npm. Spreading autonomously through infected packages, it compromised more than 180 npm packages in its initial wave and more than 500 npm components within a matter of days. Read our detailed breakdown.

Malware Defenses and Blocking Success

Sonatype Repository Firewall blocked 110,270 malware attacks this quarter alone, preventing compromised components from ever entering trusted development environments.

By leveraging advanced heuristics, behavioral analysis, and AI-assisted detection through Release Integrity, Sonatype continues to protect organizations against rapidly evolving threats.

With Sonatype's intelligence integrated across ecosystems, every malicious discovery strengthens defenses for the broader open source community. As the volume and sophistication of attacks grow, so too does the importance of real-time protection and automated governance.

The Road Ahead: Defending Against a Maturing Threat

Our Q3 2025 data shows how open source malware is no longer a fringe issue. Attackers are innovating faster than ever, leveraging automation, social engineering, and even AI to insert malicious code into the world's most widely used software ecosystems.

With a 140% quarterly increase in new malware and a surge in high-severity attacks, developer security can no longer be an afterthought. Open source malware is shifting from simple exploits to sophisticated campaigns designed to maximize disruption and data theft.

To defend effectively, organizations must:

  • Automate early-stage threat blocking with tools like Sonatype Repository Firewall.

  • Continuously monitor dependencies with Sonatype Lifecycle.

  • Verify component integrity with Release Integrity and cryptographic provenance checks.

  • Educate developers on recognizing and mitigating open source risks.

As the Open Source Malware Index tracks this landscape, the open source community's resilience depends on shared vigilance, smarter automation, and securing modern software's foundation.

For a deeper dive into open source security best practices, explore Sonatype's Guide to Understanding Open Source Risks and our Guide to Removing Malware.


Written by Sonatype Security Research Team

Sonatype's Security Research Team is focused on bringing real-time, in-depth intelligence and actionable information about open source and third party vulnerabilities to Sonatype customers.
