News and Notes from the Makers of Nexus | Sonatype Blog

Open Source Malware Index Q4 2025: Automation Overwhelms Ecosystems

Written by Sonatype Security Research Team | January 15, 2026

As open source software continues to underpin modern applications, attackers are finding new and increasingly efficient ways to exploit the trust developers place in public ecosystems.

Sonatype identified 394,877 new open source malware packages in Q4 2025, representing a 476% increase compared to the previous three quarters combined.

Nearly 89% of all malicious packages observed in 2025 were logged in Q4, driven largely by a single, highly automated campaign that dramatically increased package volume late in the year.

Throughout 2025, Sonatype researchers observed a steady evolution in attacker tactics. While earlier quarters focused heavily on volume and opportunistic campaigns, Q4 reveals a shift toward precision, persistence, and ecosystem-level manipulation.

Key Themes From Q4 2025

Several clear themes emerged from our Q4 malware research, and the scale of activity marked a dramatic inflection point for the open source ecosystem.

Here's what we saw:

  • Automation at scale: Attackers increasingly relied on scripted and AI-assisted tooling to publish, update, and rotate malicious packages across ecosystems. Repository abuse surged by 53,000%, driven largely by one self-replicating malware campaign.

  • Framework and dependency abuse: Popular frameworks, particularly in the JavaScript and React ecosystems, were repeatedly targeted, as attackers sought maximum downstream impact. 99.8% of all Q4 malware originated from npm, reinforcing its status as the most heavily targeted ecosystem.

  • Living-off-the-ecosystem tactics: Instead of introducing entirely new malware, attackers modified existing packages, dependency chains, and release processes to hide in plain sight.

  • Speed over stealth: Many campaigns prioritized rapid propagation, betting that defenders would struggle to keep pace with the volume and velocity of malicious releases. Sonatype observed an 833% increase in data corruption events, with 564% of malicious packages containing backdoors designed for persistence.

  • Decline in cryptomining malware: As cloud providers, registries, and enterprises have improved detection of resource abuse, attackers appear to be shifting away from cryptominers in favor of higher-impact malware focused on persistence, data access, and supply chain compromise.

These trends reinforce a core reality of modern software development: security controls must operate earlier and more continuously in the pipeline, as post-download detection and periodic scanning are fundamentally inadequate against automated, self-replicating malware campaigns.

PhantomRaven: Malware That Moves Faster Than Manual Defenses

One of the most notable campaigns uncovered in Q4 was PhantomRaven, a sophisticated npm-based malware operation designed to rapidly publish and recycle malicious packages.

PhantomRaven demonstrated how attackers leverage automation to:

  • Generate large volumes of malicious packages with minimal manual effort.

  • Rotate package names and versions to avoid takedowns.

  • Exploit developer trust in familiar naming conventions.

This campaign underscores why relying solely on reactive detection, such as post-download scanning or manual reviews, is no longer sufficient. Malware that moves this quickly requires defenses that operate earlier in the development process, before malicious components can propagate internally.

Unprecedented Automation: Turning Open Source Against Itself

Another defining moment in Q4 was the IndonesianFoods campaign, which illustrated how attackers can weaponize the openness of public ecosystems themselves.

The IndonesianFoods campaign effectively doubled the total volume of malware on npm in just a few days, generating over 100,000 malicious packages by creating a new package every seven seconds. This self-replicating operation abused the TEA protocol to overwhelm ecosystem defenses and target developers at scale.

In this campaign, automation enabled attackers to continuously monitor ecosystem responses, rapidly adapt malicious packages to evade detection, and exploit the same collaborative workflows developers rely on every day.

This level of automation represents a turning point. Attackers are no longer reacting to defenders. They actively probe and optimize their campaigns in real time. For development teams, this reinforces the need for automated enforcement at the point of entry, ensuring malicious packages are stopped before they can propagate through internal repositories and pipelines.

The Second Coming of Shai-Hulud: Attackers Continue to Innovate on npm

The return of Shai-Hulud-inspired techniques in Q4 demonstrates that attackers are iterating on proven methods rather than abandoning them.

Reemerging under a new name, dubbed "Sha1-Hulud: The Second Coming," and with updated delivery mechanisms, this hijacking campaign refined payload execution and evasion techniques. We discovered over 2,100 malicious packages associated with these efforts.

This latest evolution revealed improved obfuscation, more selective targeting of high-value packages, and a deliberate shift toward persistence over immediate payload execution.

By refining earlier approaches, attackers are extending the lifespan and impact of their malware. This trend highlights the growing need for stronger assurances around component provenance and build trust, as attackers increasingly rely on subtle tampering and persistence rather than overt payload execution.

Defending Against a Maturing Open Source Malware Threat

Q4 2025 makes it clear that open source malware is no longer opportunistic or isolated. Attackers are exploiting speed, automation, and trusted ecosystems to embed malicious code deeper into the software supply chain and scale their campaigns faster than traditional defenses can respond.

During the quarter, Sonatype Repository Firewall blocked 120,612 open source malware attacks, preventing malicious components from ever reaching developer environments.

To defend against this evolving threat, organizations must move security earlier and enforce it continuously:

  • Block malicious components at the point of entry with Sonatype Repository Firewall.

  • Continuously monitor open source dependencies using Sonatype Lifecycle.

  • Verify build and release integrity to prevent late-stage tampering.

  • Educate development teams on how malware enters through everyday workflows.

As attackers continue to weaponize automation and trust, securing the software supply chain requires equal speed and intelligence. Open source remains one of the greatest accelerators of innovation, but only when its risks are actively managed and its foundations are protected.