What Is Open Source Malware And Why Is It So High? - TechRound

Open Source Malware on the Rise

Open source malware is malicious code planted in publicly shared software packages and models on registries such as npm, PyPI and Hugging Face, distributed under the guise of a legitimate component.

Developers pull these free packages into their projects automatically and largely on trust, so a malicious package that gets past the registry is installed, and frequently executed at install time, inside otherwise trusted systems. That makes the registries an attractive target for criminals.
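As an added example (not code from the article or from Sonatype), the following Python script implements the check a practitioner would run against a downloaded package before installing it: it flags npm lifecycle scripts and setuptools `cmdclass` overrides, both of which execute at install time, and looks for a few heuristic markers of a hidden payload. The package names, manifests and the pattern list are constructed for this example and are assumptions, not signatures from any vendor.

```python
"""Flag install-time execution hooks in npm and PyPI package metadata.

Added example, not code from TechRound or Sonatype. A malicious package on
npm or PyPI usually runs its payload when the package is installed, either
through an npm lifecycle script (preinstall/install/postinstall) or through
a custom setuptools install command in setup.py, so that a routine
`npm install` or `pip install` executes attacker code. The manifests and
the heuristic patterns below are constructed for this example.
"""
import json
import re

# npm lifecycle hooks that run automatically when a dependency is installed.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Heuristic markers of a hidden payload. These are assumptions about what
# such code tends to contain, not a signature set from any vendor.
SUSPICIOUS_PATTERNS = {
    "remote download piped to shell": re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b"),
    "encoded payload": re.compile(r"base64|fromCharCode|-enc\b|b64decode", re.I),
    "dynamic code execution": re.compile(r"\b(eval|exec|Function)\s*\("),
    "env/credential access": re.compile(r"process\.env|os\.environ|\.npmrc|\.aws/credentials"),
}


def _match_patterns(prefix, text):
    """Return one finding per suspicious pattern present in text."""
    return [f"{prefix}: {label}" for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]


def scan_npm_manifest(manifest_text):
    """Return a list of findings for the text of an npm package.json."""
    manifest = json.loads(manifest_text)
    findings = []
    for hook, command in manifest.get("scripts", {}).items():
        if hook in NPM_INSTALL_HOOKS:
            findings.append(f"{hook}: runs on install: {command!r}")
            findings.extend(_match_patterns(hook, command))
    return findings


def scan_setup_py(source):
    """Return a list of findings for the source of a setup.py."""
    findings = []
    # A cmdclass override of install/develop/egg_info runs arbitrary Python
    # during `pip install`, before anything from the package is imported.
    if re.search(r"cmdclass\s*=", source) and re.search(r"\b(install|develop|egg_info)\b", source):
        findings.append("setup.py: custom install command (cmdclass override)")
    findings.extend(_match_patterns("setup.py", source))
    return findings


# Constructed sample: a package.json whose postinstall hook decodes and
# evaluates a base64 blob (here harmless filler), a common malware pattern.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-left-pad",
    "version": "1.0.3",
    "scripts": {
        "test": "node test.js",
        "postinstall": "node -e \"eval(Buffer.from('QUFBQQ==','base64').toString())\"",
    },
})

# Constructed sample with no install-time hooks at all.
CLEAN_PACKAGE_JSON = json.dumps({
    "name": "example-clean",
    "version": "2.0.0",
    "scripts": {"test": "node test.js", "build": "tsc"},
})

# Constructed sample: a setup.py that hijacks the install command.
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import base64, os

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("QUFBQQ=="))
        os.environ.get("AWS_SECRET_ACCESS_KEY")

setup(name="example-utils", version="0.1", cmdclass={"install": PostInstall})
'''


if __name__ == "__main__":
    for label, findings in (
        ("suspicious package.json", scan_npm_manifest(SAMPLE_PACKAGE_JSON)),
        ("clean package.json", scan_npm_manifest(CLEAN_PACKAGE_JSON)),
        ("suspicious setup.py", scan_setup_py(SAMPLE_SETUP_PY)),
    ):
        print(label, "->", findings or "no install-time hooks found")
```

The install-hook findings are the reliable signal: a dependency that needs to run a script on install is rare and worth reading by hand, whereas the pattern matches are only hints and will miss obfuscation that avoids these strings. In practice this check belongs in CI ahead of `npm install`/`pip install`, alongside pinned versions and a lockfile, rather than being run by hand.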

Alarming Statistics

Sonatype's latest Open Source Malware Index recorded 34,319 malicious open source packages in the third quarter of 2025, bringing the total identified over the last six years to 877,522.

Attackers are now patient and well organised, and increasingly use AI to write and embed malware directly in the packages developers rely on.

New Generation of Malware

This new generation of malware is built to look like ordinary code while it exfiltrates data or maintains long-term access to the systems it lands on; it favours stealth over noisy, disruptive attacks.

Author's summary: Open source malware is on the rise, with attackers using AI to embed harmful code into trusted systems.


TechRound — 2025-10-15