Phylum Research: Open-Source Software Ecosystems Under Fire

Published : Tuesday, July 25, 2023, 1:09 pm
Software developers have become high-value targets for malware attacks, and open-source software ecosystems are the new "watering hole" where hackers find their victims. That's the key takeaway from a new research report from Phylum that analyzes roughly 179 million open-source software files across 2.5M package publications in the top open-source ecosystems: NPM, PyPI, RubyGems, Nuget, Golang, Cargo, and Maven.

The Phylum report, which will be released tomorrow, shows that 324,301 spam packages were successfully published across ecosystems; of those, 613 packages targeted specific groups or organizations, and an alarming 14,535 packages executed suspicious code during the installation.

Further, attacks are becoming more sophisticated, with many luring unsuspecting developers to download malicious packages with file names like chatgpt, ai, and llm. Similar to phishing schemes, attackers are getting smarter about what developers are looking for in these open-source ecosystems and providing realistic-looking packages that seem harmless but have the power to unleash malware and even respawn old malware attacks. Late in Q2 2023, Phylum also identified a campaign that once again upped the sophistication over what has been previously seen.
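The two signals the report calls out, code that runs during installation and lure-style package names, are both visible in an npm package manifest before anything is installed. The following is an added triage example written for this article; it is not Phylum's tooling. It reads a `package.json`, lists the npm lifecycle scripts that execute automatically on `npm install`, applies a small heuristic for hooks that download content or spawn a shell (the heuristic patterns and the lure term list are assumptions built from the terms named above), and flags the package for review. The sample manifests are constructed for the example.

```python
"""Triage an npm package.json for install-time code execution and lure naming.
Added example: constructed samples and heuristics, not the report's own tooling."""
import json
import re

# npm lifecycle scripts that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Lure terms named in the article; treating them as a watch list is an assumption.
LURE_TERMS = ("chatgpt", "ai", "llm")

# Heuristic indicators that a hook does more than a local build step
# (remote fetch, inline script execution, shell spawning). Constructed for this example.
SUSPICIOUS_PATTERNS = [
    re.compile(r"\b(curl|wget)\b"),
    re.compile(r"\bnode\s+-e\b"),
    re.compile(r"\b(bash|sh)\s+-c\b"),
    re.compile(r"https?://"),
]


def install_hooks(manifest: dict) -> dict:
    """Return the lifecycle scripts that would execute on install, name -> command."""
    scripts = manifest.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}


def suspicious_hooks(manifest: dict) -> list:
    """Names of install hooks whose command matches a download/shell heuristic."""
    return sorted(
        name
        for name, cmd in install_hooks(manifest).items()
        if any(p.search(cmd) for p in SUSPICIOUS_PATTERNS)
    )


def lure_terms_in_name(name: str) -> list:
    """Lure terms that appear as whole tokens in the package name (e.g. 'chatgpt-llm-tools')."""
    tokens = re.split(r"[^a-z0-9]+", name.lower())
    return [term for term in LURE_TERMS if term in tokens]


def triage(manifest_text: str) -> dict:
    """Summarise one package.json: does it run code on install, and should a human look at it?"""
    manifest = json.loads(manifest_text)
    name = manifest.get("name", "")
    hooks = install_hooks(manifest)
    flagged = suspicious_hooks(manifest)
    lures = lure_terms_in_name(name)
    return {
        "name": name,
        "runs_code_on_install": bool(hooks),
        "install_hooks": sorted(hooks),
        "suspicious_hooks": flagged,
        "lure_terms": lures,
        # Review if a hook looks like a downloader, or a lure-named package runs anything on install.
        "review": bool(flagged) or (bool(hooks) and bool(lures)),
    }


# Constructed sample manifests (hypothetical package names and commands).
SAMPLES = {
    "benign": json.dumps({
        "name": "left-pad-clone", "version": "1.0.0",
        "scripts": {"test": "node test.js", "build": "tsc"},
    }),
    # Legitimate native addons do run code on install, so a hook alone is not a verdict.
    "native": json.dumps({
        "name": "native-addon", "version": "2.1.0",
        "scripts": {"install": "node-gyp rebuild"},
    }),
    "lure": json.dumps({
        "name": "chatgpt-llm-tools", "version": "0.0.1",
        "scripts": {"postinstall": "node -e \"require('https').get('https://example.invalid/x')\""},
    }),
}


if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, triage(text))
```

Running the block prints one triage line per sample: the benign package has no install hooks, the native addon runs `node-gyp rebuild` on install but is not flagged, and the lure-named package is flagged because its `postinstall` hook runs inline code that reaches out to a URL. In practice this belongs in a pre-install gate (for example a CI step over `npm pack` output) rather than after the package has already been installed.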

