Open Source Components Analyzed by Sonatype Intelligence:


A History of Software Supply Chain Attacks

July 2017–Present


JUNE 2024

'cors-parser' npm package hides cross-platform backdoor in PNG files

The "cors-parser" npm package was found to conceal a cross-platform backdoor within what seemed to be PNG files. This package used a simple steganography technique to embed malware into these images, which, when downloaded, would execute on Windows or Unix systems, deploying further malicious payloads. This tactic highlights evolving strategies by threat actors to exploit software development environments and avoid detection.

Russia-linked 'Lumma' crypto stealer now targets Python devs

A malicious package named "crytic-compilers" was identified on PyPI, exploiting the typographical similarity to a popular cryptographic library. This typosquatted package was engineered to specifically target Windows users by deploying a trojan that could steal cryptocurrency, cleverly matching its version numbers with the legitimate library to deceive users.


MAY 2024

PyPI crypto-stealer targets Windows users, revives malware campaign

The "pytoileur" package on PyPI, part of the "Cool package" malware campaign, targeted Windows users by deploying a trojanized binary for data and cryptocurrency theft. Disguised as an API management tool, it revived a year-old malicious campaign with sophisticated methods to compromise user systems.


APRIL 2024

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

A developer flooded npm with nearly 14,000 packages containing minimal functional code cloned from other legitimate packages. These packages, largely clones of existing software, were created to earn rewards through a decentralized blockchain protocol called 'tea.' This protocol incentivizes open source contributions by issuing tokens based on package popularity. This unprecedented bulk publication raises significant concerns about npm's ecosystem health and the integrity of package content.


MARCH 2024

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

CVE-2024-3094 marks a targeted backdoor attack on the XZ utility and liblzma library, spotlighting a significant supply chain risk. This sophisticated intrusion, revealed by unexpected SSH login delays, underscores the vulnerabilities associated with the sole maintainership model in open source projects. By embedding malware in binary test files to circumvent SSH authentication, the incident showcases the evolving complexity of cyber threats, emphasizing the critical need for enhanced scrutiny and collaborative security measures within open source.



Exploited SSRF vulnerability traced back to 'xmltooling' OSS library

A critical Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways, traced to the 'xmltooling' library part of the Shibboleth project, was actively exploited, allowing for unauthenticated command injection with root privileges. Identified as CVE-2023-36661, this issue was paired with another vulnerability, CVE-2024-21887, for the exploit. Users are urged to upgrade to xmltooling version 3.2.4 or later to mitigate the risk by restricting unsafe URI resolutions.

The curious case of 'csrf-magic': A case study in supply chain poisoning

A critical vulnerability in Ivanti products was linked to a backdoor in the "csrf-magic" open source component. Initially identified as a code injection flaw, deeper investigation revealed it as intentional backdoor insertion, highlighting a sophisticated supply chain poisoning case. This incident underscores the complexities and risks within the open source ecosystem, emphasizing the need for diligent inspection and verification of open source components to mitigate potential security threats and safeguard against subtle, malicious alterations.

npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

Sonatype's Security Research team reported the discovery of npm packages distributing "Bladeroid," a malicious info-stealer targeting Windows users. The malware targets browser cookies, saved form data, local Telegram app files, and sessions for social media and streaming services, in addition to data from crypto wallet apps. Originating from a single npm author, these packages—such as sniperv1 and sniperv2 — exfiltrate sensitive information to attackers. With hints of Turkish origins, the malware emphasizes the ongoing threat posed by supply chain attacks in the open source ecosystem.



'everything' matters — why the npm package sparked controversy

The npm package named 'everything' caused controversy due to its potential impact on the npm ecosystem. Created as a seemingly harmless prank, it attempted to download all available npm packages, potentially causing a Denial of Service (DoS) by overloading storage space. This incident also inadvertently blocked developers from removing their own npm packages, highlighting vulnerabilities and policy loopholes in package management systems.

Fake 'distube-config' npm package drops Windows info-stealing malware

Sonatype's Security Research team identified two npm packages, 'distube-config' and 'discordyt,' which impersonate legitimate Discord modules. These packages contain malware designed to infect Windows systems with a Trojan that steals information. The discovery was made by Sonatype's security researcher Juan Aguirre, who analyzed the obfuscated code in these packages and identified their malicious activities. This incident underscores the ongoing threat of malicious packages in open source repositories.

npm flooded with 748 packages that store movies

The npm registry was flooded with 748 packages that contained movies, instead of the usual software artifacts. Each package, roughly 54.5 MB in size, was part of a series named with a 'wlwz' prefix. This incident, marked as sonatype-2024-0284, showcases an innovative misuse of npm, highlighting potential vulnerabilities and the need for strict registry management to maintain the integrity of software supply chains.



CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

Security researchers discovered a new vulnerability, CVE-2023-50164, in Apache Struts2, a widely used web application framework. This vulnerability allows attackers to execute arbitrary code through a flaw in the file upload mechanism. It poses a serious risk for data breaches and system compromises in various sectors using Apache Struts2. This vulnerability further exemplifies the urgency for organizations to update Apache Struts to the patched version and undertake comprehensive security measures to mitigate this threat.

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

A recent cybersecurity incident involved the compromise of Ledger's open source package, @ledgerhq/connect-kit, used in crypto wallets. Malicious versions of this package were released after an employee's phishing attack led to compromised npm account access. These versions included a crypto-drainer malware, which facilitated unauthorized cryptocurrency transactions. The malware activated when users interacted with a fake modal prompt, resulting in over $600,000 in siphoned cryptocurrencies. Ledger responded by releasing a clean version and emphasized the importance of vigilant security practices in software development.



Top 10 open source projects hit by HTTP/2 Rapid Reset zero-day

Sonatype's Security Research team revealed how the HTTP/2 'Rapid Reset' zero-day vulnerability, known as CVE-2023-44487, impacted ten major open source projects. This vulnerability in the HTTP/2 protocol exposes these projects to potential high-volume DDoS attacks. Affected projects include prominent names such as Apple's swift-nio-http2 library, Eclipse Jetty, and Tomcat Coyote. This incident underscores the ongoing challenges and importance of maintaining security in open source software environments.



New npm PoC packages target PayPal Zettle, Airbnb developers

Security researchers identified npm packages mimicking internal dependencies of companies like PayPal Zettle and Airbnb, possibly for bug bounty purposes. These packages, using a dependency confusion strategy, pose potential threats to the internal systems of these firms. This incident sheds light on the vulnerability of open source software development and the importance of robust security measures in software supply chains.

npm packages caught exfiltrating Kubernetes config, SSH keys

Sonatype's security team discovered a series of npm packages designed to exfiltrate Kubernetes configuration and SSH keys from users' systems. These packages, which impersonate legitimate JavaScript libraries, have been found running obfuscated code to collect sensitive files upon installation. This discovery highlights a significant threat in the npm registry, emphasizing the need for increased vigilance and security measures to protect against such malicious packages in software development environments.



Malicious PyPI package imitates VMware vSphere connector module

A malicious PyPI package called “VMConnect” imitated the legitimate VMware vSphere connector module but contained hidden sinister code. This package, downloaded hundreds of times, was part of an ongoing campaign dubbed “PaperPin.” When installed, it executed code from an attacker-controlled URL, along with similar packages “ethter” and “qu8uantiumbase.” These packages were reported and removed from PyPI, emphasizing the importance of obtaining legitimate software from official sources to avoid such threats.


JULY 2023

A French-meme-inspired PyPI package targets Windows with an info-stealer

A PyPI package named “feur” was found to contain a Windows Remote Access Trojan (RAT) alongside a meme-related name. Upon installation, it executed the RAT, which possessed surveillance capabilities, including clipboard access, network monitoring, webcam usage, and screenshot capture. Although initially appearing as a prank with low downloads, the RAT's potential for misuse highlighted the importance of safeguards like Sonatype Repository Firewall.


JUNE 2023

Manifest confusion in npm could be a cause for concern

“Manifest confusion,” as coined in Darcy Clarke’s blog post, refers to a significant issue within the npm ecosystem where a package's manifest, which contains metadata like dependencies and scripts, is published independently from the actual contents of its tarball, which houses the package's package.json file. This separation between the manifest and tarball contents can lead to inconsistencies, causing problems like cache poisoning, unknown/unlisted dependencies or scripts, and potential version downgrade attacks. Sonatype customers and users are protected by default against manifest confusion, but users of other tools should ensure they don't solely rely on manifest data for package information.

PyPI attackers unleash trojans and info-stealers

Sonatype's detection systems uncovered malicious packages on PyPI, named after the npm library “colors.” These packages, published by a PyPI account named “broke” targeted Windows systems, all with version 0.0.0, and contained payloads that executed trojans hosted on Discord's servers upon installation. Another package called “libiobe” targeted both Windows and Unix users, dropping trojans and info-stealers on Windows and running minified Python code on Unix. Sonatype also found packages using variable obfuscation, a pattern seen in crypto-miner malware. These incidents highlight ongoing threats to open source software registries like PyPI, with Sonatype Repository Firewall offering protection against such malicious packages.


APRIL 2023

Threat actors compromise 3CX desktop app in software supply chain attack

This software supply chain attack targeted 3CX’s native client applications for Mac and Windows, affecting 600,000 customers. This complex attack, believed to be orchestrated by a state actor, remained undetected for nearly a month and primarily aimed at specific users, particularly cryptocurrency companies. 3CX responded by advising users to uninstall compromised apps and switch frameworks, drawing parallels to the SolarWinds attack in terms of sophistication and emphasizing the importance of robust supply chain management in the software industry.


MARCH 2023

W4SP Copycats Continue to Infiltrate PyPI Registry

A series of malicious packages uploaded to the PyPI registry have been identified as information stealers resembling the popular W4SP stealer. These copycats pose a serious threat to developers who may inadvertently install them, compromising the open-source software supply chain.

Microsoft-Helper Package Reveals Copycat Info-Stealer

The microsoft-helper package on PyPI is a malicious package designed to deploy malware when developers run pip install. It downloads a remote script containing a second-stage payload, which exfiltrates sensitive information through a Discord webhook.

PyPI Package Reverse-Shell Part of MaaS Initiative

The malicious package reverse-shell on PyPI appears to be part of a global malware-as-a-service (MaaS) initiative. It executes a file from GitHub called, which adds an application to the Windows Registry for persistence and launches a malicious script named, designed to exfiltrate sensitive information.

SylexSquad Behind Sophisticated Info-Stealer

SylexSquad is believed to be responsible for the reverse-shell package and the sophisticated info-stealer malware. The malware can retrieve cookies, take screenshots, run shell commands, steal browsing history, and send the data to the attacker's Discord channel.

OpenAI Data Breach Traced to Unpatched Redis Vulnerability

An unpatched software bug/vulnerability in an open-source component called Redis led to a data breach at OpenAI. The incident exposed subscribers' payment-related info and users' chat queries and resulted in Italy becoming the first Western country to ban ChatGPT.



httops Package Attempts to Sneak In Through GTA 5 Mods

The httops package included a payload encoded with base64 with a URL that leads to a website inviting people to download cheats for the video game Grand Theft Auto 5. Users might be inadvertently installing some type of backdoor or remote access trojan (RAT) along with the mods.

Info-Stealers Distributed via Python packages on the PyPI Registry

Our AI detected a series of information stealers uploaded to the PyPI registry. They resemble W4SP Stealer, a dangerous information stealer that has inspired copycats after their emergence as a means to attack software supply chains in July 2022.

Malware Campaign Floods PyPI with Thousands of Malicious Packages

Near the end of February, we tracked a malware campaign involving a threat actor infiltrating the PyPI software registry with thousands of malicious packages. The packages contain a Windows Trojan that downloads second-stage infection from a Dropbox URL.

Malicious ‘aptX’ Python Package Drops Meterpreter Shell, Deletes ‘netstat’

Our security researchers discovered a harmful Python package called aptX on PyPI designed to perform various detrimental activities, such as dropping malware, deleting the “netstat” utility, and tampering with the SSH authorized_keys file on the system.



Minimums Package Attempts to Download and Install a Trojan Virus

Some attackers are designing malware that validates the presence of a virtual machine before attempting to execute. Our AI flagged the minimums package and our security researchers confirmed it as malicious. The package contains a payload in the file that attempts to download a Trojan virus from a rogue server, install it, and log the installation result using a Discord webhook.

A Stack of Malicious Cryptominers Target Linux Systems

Our security research team uncovered a noticeable volume of cryptocurrency miners within the npm registry. In one of our finds, the malicious package speedtestgod contained a package.go file detected as a Trojan that targets Linux systems and attempts to mine cryptocurrency using unsuspecting victims’ resources. We found other packages using the same Trojan file and uncovered that 16 of these malicious cryptominers originated from a single account. The supposed threat actor was reported and removed from the npm registry.



Malicious 'Cabo Custody Restful' Attack Tries to Trick Developers Using MacOS

Some of the malicious packages detected by our AI targeted developers using Mac computers. With cobo-python-api, threat actors used dependency confusion to trick developers into downloading a tainted version of the crypto library ‘Cobo Custody Restful’. By uploading a compromised version with the same name on PyPI, attackers expect that the package manager (pip) used by developers will prioritize the malicious version over the legit GitHub version.

RAT Mutants Attack

Our system flagged (and helped take down) six malicious packages attacking Python developers by combining the capabilities of a remote access trojan (RAT) and information stealers. With names such as easytimestamp, pyrologin, discorder, discord-dev,, and pythonstyles, the malicious packages launch a PowerShell script that fetches a ZIP file and installs the libraries pynput, pydirectinput, and pyscreenshot that allows the attacker to control the target’s mouse and keyboard, and take screenshots.

PyTorch-nightly Build Compromised

PyTorch disclosed the compromise saying the attack exclusively affected users of the PyTorch-nightly build and not users of PyTorch stable packages. From December 25-30 2022, the nightly build downloaded a library called torchtriton—a dependency that executes a malicious binary when imported. PyTorch removed the counterfeit library as a dependency for nightly packages and replaced it with a dummy package registered on PyPI to prevent similar attacks.

Reverse Shell Invasion Caught

More in the series of malicious packages that establish a backdoor connection between the attacker and target using the reverse shell technique. After November 2022’s initial attack, our AI caught additional packages such as aidoc-consul, aidoc.genmfa, and aidoc-e23-utils that leveraged this attack vector.

Malicious __import__ Attempts Still Lurking

In another follow up to an attack in November 2022, our AI caught a series of packages on PyPI that concealed an important statement in their files by using spaces to create the illusion that there’s no malicious code in sight.



Malicious Reverse Shell and Bind Shell Scripts Taint Packages

We discovered packages such as tshawn-Irce and tshawn-wrce that were tainted with malicious reverse shell and bind shell scripts. Other packages our security researchers found, such as requests-dm, fastupdate, and discordxyz, looked for information on the target computer’s OS such as hostnames, IPs, credentials, and other configuration details with the purpose of exfiltrating such data to malicious servers.

pywx PyPI Package Attempts to Run Malicious Code From an External Source

Our security researchers found that this attack started by copying a legit package (object_pool in this case) and then injecting __import__ statement to run malicious code from an external source.



'JuiceLedger' Tries to Catch PyPI Maintainers Unaware

A phishing attack attempts to distribute a .NET-based malware, dubbed 'JuiceStealer,' that steals credential, browser, and cryptocurrency vault information and feeds the ill-gotten goods to a domain (linkedopports[.]com) purportedly controlled by JuiceLedger. This malware attempts delivery in a sequence of a phishing email purporting a validation process which in turn steals login credentials and subsequently drops malware into the packages of unsuspecting PyPI maintainers.



241 Cryptomining Packages Flood npm, PyPI

Sonatype's malware detection systems spotted 186 npm packages that were typosquats of popular libraries. All of these packages dropped cryptominers after infecting Linux systems. A security researcher, Hauke Lübbers, additionally discovered an identical attack on PyPI and shared with us a list of 55 offending Python packages.

PyPI Package ‘secretslib’ Drops Linux Malware to Mine Monero

Malicious 'secretslib' Python package drops second-stage payload in-memory to silently run XMRig and mine Monero.

‘Requests’ Library Typosquats Install Ransomware

We identified and analyzed multiple malicious Python packages that contain ransomware scripts and are typosquats of a legitimate, widely known library called 'Requests.'


JULY 2022

PyPI Packages Steal Telegram Cache Files, Add Windows Remote Desktop Accounts

Sonatype discovered malicious PyPI packages that set up new Remote Desktop user accounts on your Windows computer and steal encrypted Telegram data files from your Telegram Desktop client.

A Python Cryptominer Targeting Windows, Linux, macOS

We identified a suspicious PyPI component called 'python-dateutils' that mines Monero (XMR) cryptocurrency on your system—whether Windows, Linux, or macOS, and steals AWS credentials.


JUNE 2022

npm Malware Exfiltrates Windows SAM, Amazon EC2 Credentials

Sonatype security researchers analyzed npm packages '@core-pas/cyb-core' and 'notreallyapackagetrustme' that attempt to exfiltrate Amazon EC2 credentials as well as sensitive files such as ⁄etc/passwd on Linux, and SAM/SYSTEM on Windows.

Malware Kills Windows Defender to Drop a Trojan

npm package 'flame-vali' claims to let developers "bypass any request proxys." But instead it contains heavily obfuscated payload that makes several attempts to disable Windows Defender before it drops a trojan.

PyPI Packages Exfiltrate AWS Keys, env vars, Secrets

Multiple PyPI packages and typosquats caught by us this month exfiltrate AWS keys, environment variables, and other secret credentials. Users of these packages should immediately rotate their credentials.


MAY 2022

PyPI Package ‘ctx’ and PHP Library ‘phpass’ Compromised to Steal Environment Variables

Immensely popular PyPI package 'ctx' compromised in a supply chain attack and altered to steal environment variables from its users. Additionally, PHP project 'phpass' suffered a repo-hijacking attack with the project tained with an identical malicious payload to steal AWS keys.

New ‘pymafka’ Malicious Package Drops Cobalt Strike on macOS, Windows, Linux

We caught a 'pymafka' typosquat that drops Cobalt Strike payload across all platforms and targets developers using PyKafka, a legitimate Apache Kafka client for Python.

Malicious ‘rustdecimal’ Crate Found in Rust Repository

A malicious typosquat 'rustdecimal' was uploaded to the Rust's crate[.]io registry. The typosquat, named after the legitimate 'rust_decimal' concealed malicious code using carefully crafted XOR obfuscation. Sonatype's research team has analyzed the malware and added the typosquat to our security catalog to keep our customers protected.

Ongoing Campaign Targets ‘colors’ Library

We have now repeatedly seen the developers using the popular 'colors' library being targeted. Typosquats like colors-2.0, colors-update, colorsss are all attempts to make you fall for a nefarious clone of 'colors' laden with info-stealing trojans.

Apache Kafka Project Clone Leverages Dependency Confusion

The 'karapace' PyPI package caught and analyzed by Sonatype has the exact same name as the Python package on GitHub which is "An open-source implementation of Kafka REST and Schema Registry."

‘Bloat free’ Data Exfiltration Technique

In one of the suspicious npm packages Sonatype caught, we saw the npm package did nothing other than download another empty npm package from an external server, which made it all seem quite mysterious. But turns out, this PoC test by a researcher is a mere distraction technique for obtaining your IP address and username in a sleek manner.


APRIL 2022

VMware VSphere Dependency Confusion Attempt Caught by Sonatype

Sonatype's automated malware detection bots flagged a suspicious dependency that has the same name as a real package used by VMware VSphere SDK developers. PyPI took down the package following our report and VMWare confirmed no impact to users and its products in a statement.

500+ Malicious npm Packages Caught by Sonatype

From a 'fix-crash' npm package that steals your Discord info to 400 more malicious packages, caught in addition to those from March, that target Azure developers.

PyPI Takes Down Malicious ‘Distutil’ Package Imitating ‘distutils'

The name 'Distutil' might ring a bell as 'distutils' is a now-deprecated Python library that provided support for building and installing additional modules into a Python installation. 'Distutil' on the other hand contains obfuscated code and is, what looks like a typosquatting attempt.

Rise in ‘Protestware’ During Russia-Ukraine Crisis

Protestware—cases where maintainers behind popular open source projects sabotage their own software to make a point continue to ramp up. In days following the 'node-ipc' sabotage, maintainers behind npm libraries like 'event-source-polyfill', 'es5-ext' and 'styled-components' began adding peaceful anti-war messages to their packages.


MARCH 2022

Careful Out There: Open Source Attacks Continue To Be On the Uptick

We have identified 130 typosquatting packages on npm and a dozen malicious packages on the PyPI repository, at a time when the world is focused on the Russia-Ukraine crisis and governments are urging organizations to step up cyber security efforts in response to related malicious cyber incidents.

New ‘colors-2.0’, ‘colors-3.0’ Packages Are Malicious

To a casual observer, colors-2.0, colors-3.0, and other few may appear to be "newer" versions of the 'colors' library when that's far from the case. These packages are malware and tactfully named in a manner that may confuse a novice developer into mistaking them for the latest versions of official 'colors.'

A Cryptic ‘Reverse Shell’ Found Lurking in PyPI Packages

Don't be fooled by these Python packages that Sonatype has discovered this week on the PyPI registry. From a mysterious reverse shell to an AIOHTTP typosquat making a comeback for the third time!

86 Malicious npm Packages Named After Popular NodeJS Functions

Sonatype's automated malware detection bots have caught 86 npm packages that are named after popular NodeJS and JavaScript functions.

The development follows last week's discovery of over 400 malicious npm packages targeting Azure, Uber, and Airbnb developers—all caught by our malware detection system, offered as a part of the Sonatype Repository Firewall.



Malicious PyPi Packages Steal Your Roblox Security Cookies and Discord Tokens

Sonatype's automated malware detection systems have once again caught malicious PyPI packages that steal your Roblox security cookies and Discord tokens and drop suspicious EXEs on your system.

PyPI, NuGet, and npm Flooded With Roblox and Fortnite Spam

Sonatype spots threat actors polluting open source repos with bogus packages containing spam links. After tracking a series of massive malware and spam campaigns, we explain why threat actors increasingly target game developers and abuse gaming platforms for their malware-hosting needs.

Trojanized PyPI Package Imitates a Popular Python Server Library

Sonatype has once again stumbled upon a malicious Python package—this time imitating a massively popular middleware library. But instead, this package drops a Remote Access Trojan (RAT) that compromises your system completely.

jQuery npm Typosquat Has a Fishy Surprise

The popular jQuery project has a mysterious sidekick that has popped - 'jquery-lh'. While the npm package does install real jQuery code, behind the scenes it does something fishy and unexpected.



Massively Popular "Colors" and "Faker" npm Libraries Sabotaged

Thousands of open source projects including those produced by companies like Facebook (Meta) and Amazon broke after the developer behind "colors" and "faker" intentionally sabotaged his own packages in protest of "Fortune 500" companies exploiting open source.

PyPI Flooded With More Than 1,200 Dependency Confusion Packages

On January 23rd, a user flooded the PyPI registry with 1,275 dependency confusion packages, as spotted by Sonatype's automated malware detection systems.



Crypto App Faces $5 Million Ransom Demand Following Log4j Hack

One of the largest Vietnamese crypto apps, ONUS,  suffered a cyber-attack due to a vulnerable Log4j version. Threat actors first approached ONUS with a $5 million ransom demand but put up their 2 million customer records for sale online after the company refused to pay.

Log4j Zero-day Sets the Internet on Fire With 'Log4Shell' Attacks

A critical zero-day in immensely popular logging framework, log4j, is disclosed along with a public PoC. Shortly, attackers began mass exploitation of the flaw to push malware on vulnerable servers. Soon enough, CISA issues advisory and a dedicated webpage to urge organizations to remediate Log4Shell attacks.

Malicious PyPI Packages With 10,000 Downloads Taken Down

These packages dropped trojans on Windows machines and attempted to pry on Apache Mesos instances on Linux systems.



Popular Library "coa" Gets Hijacked in an Identical Style as "ua-parser-js"

Malicious versions of "coa" broke React pipelines around the world until they were removed. These versions contained similar credential-stealing trojan as the one seen in hacked "ua-parser-js" versions.

Hours After "coa" Hijack Is Discovered, "rc" Is Hijacked, Too

Yet another popular npm package, "rc" with 14 million weekly downloads is hijacked to spread malware, merely hours after "coa" hack is spotted. The malware and attack style is identical, drawing a link between the threat actor behind both incidents. NPM pins the cause of both attacks to project maintainer's account compromise.



Newly Found npm Malware Mines Cryptocurrency on Multiple Devices

Between October 12–15, new npm cryptomining malware was found targeting Linux, macOS, Windows devices, and imitating the legitimate "ua-parser-js" package.

Popular "ua-parser-js" Library Attacked

On October 22, a popular "ua-parser-js" library with over 7 million weekly downloads was itself hijacked. The same cryptominers were found.

Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise

Between October 20 and 26, Sonatype discovered typosquatting packages that mimic noblox.js, a popular Roblox game API wrapper. The Obfuscated malware found in npm includes extra unwanted functionalities including trojans, ransomware, and even a spooky surprise.



Cryptocurrency Heist Stemmed from a Malicious GitHub Commit

SushiSwap's MISO cryptocurrency platform suffered a $3 million theft resulting from a software supply-chain attack. Just one malicious code commit made to Sushi’s private GitHub repository was enough to alter the company’s auction portal, and replace the authentic wallet address with the attacker's.


JULY 2021


A ransomware group discovered and exploited a zero-day vulnerability in a remote monitoring and management software platform used by dozens of managed security providers (MSP). Because these MSPs service thousands of downstream customers, the hackers were able to conduct a ransomware attack against 1,500 victims.


MAY 2021

Microsoft’s WinGet Flooded With Duplicate, Malformed Apps

The weekend after launching, Winget's software registry was flooded with pull requests for apps that were either duplicates or malformed. Some newly added duplicate packages were corrupted and ended up overwriting the existing packages, raising serious concerns about the integrity of the Winget ecosystem.


APRIL 2021


An attacker was able to gain access to a credential via a mistake in how Codecov were building Docker images. This credential then let them modify Codecov’s bash uploader script which was either used directly by customers or via Codecov’s other uploaders like their Github Action. The attacker used this modified script to steal credentials from the CI environments of customers using it.



Namespace Confusion

Three days after news broke of an ethical researcher hacking over 35 big tech firms in a novel supply-chain attack, more than 300 malicious copycat attacks were recorded. Within one month, more than 10,000 dependency confusion copycats had infiltrated npm and other ecosystems.




Threat actors gained access to SolarWinds dev infrastructure, and injected malicious code into Orion update binaries. 18,000 customers automatically pulled trojanized updates, planting backdoors into their systems and allowing bad actors to exploit private networks at will.


“CursedGrabber” Malware Discovered

Discovery of the malware, called xpc.js in the npm registry confirmed to be a part of the newly identified family of Discord malware named CursedGrabber. This malware targets Window hosts and steals Discord information, sending user information via webhook to the attacker.

Counterfeit Components Discovered in the npm Ecosystem

The series of components were identified as a successor to “fallguys” malware: discord.dll,, wsbd.js, and ac-addon. These components exfiltrate Discord and web browser’s “leveldb” files, as well as collect data such as IP address, “PC username,” “discordcanary” files, etc.

New npm Malware With Bladabindi Trojan Spotted

The malicious typosquatted packages jdb.js and db-json.js are found laced with a popular Remote Access Trojan (RAT), njRAT aka Bladabindi. Upon install, the malicious script engaged in data gathering and reconnaissance, ultimately launching patch.exe which is an njRAT written in .NET. This allows a remote attacker to log keystrokes, modify registry values, initiate system shutdown or restart at will, among other nefarious activities.



Brandjacking Malware Found in npm

The counterfeit package twilio-npm opens a backdoor on a user’s device, giving attackers control of the compromised machine and Remote Code Execution (RCE) capabilities.



Multiple npm Packages Vulnerable to Typosquatting Attacks

The electorn, loadyaml, lodashs, and loadyml packages have all been identified as vulnerable. Once installed, the packages collect and expose sensitive information, including IP address, geolocation, and device fingerprint, publishing this data to a public GitHub page.


MAY 2020

Octopus Scanner

26 open source packages were found to be compromised through malicious code injection. The malware was designed to enumerate and backdoor NetBeans projects through the NetBeans IDE.


APRIL 2020

Hundreds of Malware Gems found on RubyGems

400 gems were removed from the public repository for typosquatting and crypto mining malware. They include atlas-client (downloaded 2,100 times by developers).



Microsoft Spots Malicious JavaScript Package

The malicious npm package — 1337qq-js — exfiltrates sensitive information such as hard-coded passwords or API access tokens through install scripts and targets UNIX systems only.



Trojanized Python Libraries Removed

Two Python libraries, python3-dateutil and jeIlyfish, were caught stealing SSH and GPG keys from the projects or infected developers.


Computers Running Malicious npm Package Considered “Fully Compromised”

All versions of sj-tw-test-security are found to contain malicious code. The package downloads and runs a script that opens a reverse shell in the system, allowing a remote attacker to compromise the affected system.

Prototype Pollution Vulnerability Continues to Cause Problems

Taking advantage of a typosquatting exploit for lodash npm packages, all versions of the lodahs package contain malware designed to find and exfiltrate cryptocurrency wallets. Packages web3b and web3-eht were removed for the same exploit pattern.



Gem Packages Pulled From Repo

Three versions of the Gems package basic_authable, released in 2017, were yanked from the Gems repository due to their malicious nature.



Compromised Version of rest-client Maintainer Stole credentials, Installed Crypto Miners

A compromised version of rest-client, a popular HTTP and REST client for Ruby, was uploaded to RubyGems. Affected versions (1.6.10 to 1.6.13) were downloaded about 1,000 times. Similar vulnerabilities were found in Gem packages coming-soon and cron_parser.

Malicious Package Removed From npm Repository

The component bb-builder stole login information from the computers it was installed on, sending it to a remote server.


JULY 2019

Malicious Python Libraries Removed From PyPI

A security firm found three malicious Python libraries — libpeshnx, libpesh, and libari — uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on Linux systems.

RubyGems Component Found to Contain Malicious Code

This attack involves remote code execution in applications using or bundling the strong_password component. The hacker in this attack compromised the component and its dependencies — and locked out the gem maintainer


JUNE 2019

Cryptocurrency Attack on npm via Malicious Code Injection

An npm package contained code designed to steal cryptocurrency wallet seeds and other login instruction details specific to cryptocurrency apps. Tipped off by npm researchers, makers of the Agama cryptocurrency wallets shifted $13 million worth of currency before adversaries could steal it.

23 Malicious RubyGems Packages Discovered

Packages were pulled from the public repository because they contained code for cryptomining or cookie/password stealing.


MARCH 2019

Backdoored RubyGems Package Allows Remote Code Execution

A malicious version of the popular bootstrap-sass package, downloaded a total of 28 million times to date, and with 1.6K dependencies, is published to the RubyGems repository. 



Malicious Package Injected Into Popular npm Package

The injected code in the event-stream package targets the Copay application and was designed to harvest account details and private keys from accounts having a balance of more than 100 Bitcoin or 1,000 Bitcoin Cash.

JULY 2018

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker gains access to a developer’s npm account and injects malicious code into a popular JavaScript library called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit.

Homebrew Repository Compromised

A GitHub API token leaked from Homebrew’s Jenkins provided a security researcher with access to core Homebrew software repos.

“If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formulae, placing a backdoor on any machine that installed it,” researcher Eric Holmes explained.


JUNE 2018

Linux Distro Hacked on GitHub

Unknown individuals gain control of the Github Gentoo organization and modified the content of repositories as well as pages within — all code considered compromised.


MAY 2018

Backdoored npm Package Discovered

npm security team responds to reports the getcookies package, which contained malicious code that allowed remote users to execute arbitrary code on servers. The investigation also revealed that an existing package called mailparser began listing http-fetch-cookies as a dependency. Despite being deprecated, mailparser still receives about 64,000 weekly downloads.

Backdoored PyPI Package Discovered

Python module ssh-decorator backdoored to collect users' SSH credentials and sent the data to a remote server.



Deleted GitHub Account Resurrected by Unknown User

After a developer deleted their go-bindata GitHub account, someone immediately grabbed the ID — inheriting the karma instilled in that ID and calling into question packages and sources.

npm Credentials Intentionally Compromised

A malicious version of a package from a core contributor to the conventional-changelog ecosystem is published. The package was installed 28,000 times in 35 hours and executed a Monero crypto miner.



“I’m harvesting credit card numbers and passwords from your site. Here’s how.”

David Gilbertson writes a fictional tale on his blog about creating a malicious npm package.



PyPI Typosquat

10 malicious Python packages found with misspelled names intentionally chosen to trick users. Evidence of the fake packages being incorporated into software was noted multiple times between June and Sept 2017.

JULY 2017

Typosquatting Attack on npm

39 packages harvested undetected over two weeks, collecting credentials used to publish to the npm repository itself.

npm Credentials Published Online

Affects access to 14% of the npm repo (79K packages). As a result, npm reset the passwords and auth tokens of over 1,000 developers.

17 Backdoored Images Created on Docker Hub

Username docker123321 uploads backdoored container images used to install reverse shells and cryptocurrency miners on users' servers. Images not removed until June 2018. The same username is later accused of poisoning a Kubernetes honeypot (Jan. 2018) and equated to a crypto-mining botnet (May 2018).


Additional Resources


2021 State of the Software
Supply Chain Report

Sonatype’s report blends a broad set of data to reveal important findings about open source and its increasingly important role in digital innovation.


What is Sonatype Intelligence?

See how artificial intelligence and machine learning that never stops learning, plus 65 world class professionals with 500+ years of experience lead to the best data in the industry. 

Scanner Icon

Are Your Applications Secure?

Are you at risk of a software supply chain hack? Try Sonatype Vulnerability Scanner for FREE to find out if your software has any open source security vulnerabilities.

Ready to Try Sonatype?

Secure and automate your software supply chain.