The Phylum report, which will be released tomorrow, shows that 324,301 spam packages were successfully published across ecosystems; of those, 613 packages targeted specific groups or organizations, and an alarming 14,535 packages executed suspicious code during the installation.
Further, attacks are becoming more sophisticated, with many luring unsuspecting developers into downloading malicious packages with file names like chatgpt, ai, and llm. Similar to phishing schemes, attackers are getting smarter about what developers are looking for in these open-source ecosystems and are providing realistic-looking packages that seem harmless but have the power to unleash malware and even respawn old malware attacks. Late in Q2 2023, Phylum also identified a campaign that once again raised the level of sophistication beyond what had previously been seen.
Here is a link to the full report: https://blog.phylum.io/p/2f7e99f3-4959-4e69-a7b7-cf7131a69725/.
Copyright © acrofan All Rights Reserved