Sonatype’s OS Malware Index reveals record growth in sophisticated, stealth-first attacks — driven by campaigns targeting npm like the chalk and debug hijack and Shai-Hulud.

Fulton, Md. – October 15, 2025 – Sonatype®, the leader in AI-centric DevSecOps, today released the Open Source Malware Index, Q3 2025, which analyzed 34,319 open source malware packages discovered by Sonatype across major open source registries including npm, PyPI, Hugging Face, and more. This quarter’s count brings the total number of malicious packages Sonatype has discovered to 877,522 since 2019. 

“The era of noisy, opportunistic malware is over. Attackers are patient, organized, and increasingly using AI to embed themselves inside the very tools developers rely on,” said Brian Fox, CTO and Co-founder of Sonatype. “They’re hiding malicious payloads in plain sight, turning trusted open source dependencies into delivery mechanisms for data theft and persistence. Defenders need to match that sophistication with AI-driven visibility and proactive controls that stop threats before they ever reach a developer’s environment.”

npm Supply Chain Attacks Expose New Frontlines

A series of npm attacks illustrate a dangerous escalation: attackers are no longer just inserting malicious code into the ecosystem — they’re turning the supply chain itself into a weapon. The chalk and debug package hijack campaign, which impacted components that see more than 2 billion weekly downloads, demonstrated how attackers can subvert legitimate projects to distribute malware at scale. Meanwhile, the unprecedented Shai-Hulud campaign exhibited worm-like behavior that allowed malicious code to self-propagate across repositories, exfiltrate credentials, and publish new compromised packages. 

Data Becomes the Ultimate Target

In Q3, data exfiltration malware accounted for 37% of all malicious open source packages detected, underscoring what previous quarters have shown: there is a growing trend toward intelligence-gathering, espionage, and monetization of stolen data. Adversaries are targeting developer credentials, access tokens, and proprietary information, transforming open source ecosystems into rich hunting grounds for data-driven exploitation.

Multi-Stage and Stealth-First Attacks Reveal New Standard for Sophistication

Droppers, which act as lightweight delivery mechanisms that install secondary payloads such as backdoors or info-stealers, skyrocketed in Q3, making up nearly 38% of all threats, while backdoor-laden packages grew 143% quarter-over-quarter. This indicates a strategic evolution in that adversaries are increasingly building multi-stage malware that installs, hides, and maintains long-term access, posing as benign dependencies. 

The Commoditization and Decline of Low-Effort Malware

Once a dominant category, cryptominers accounted for just 4% of malicious packages in Q3, down from 6% last quarter. This decline reflects the commoditization of simple malware — attackers no longer find value in easily detectable, one-dimensional exploits. Instead, they’re investing in stealth, persistence, and long-term financial return. 

Sonatype Security Research leads the industry in open source malware threat research, tracking malicious open source since 2019. Repository Firewall is the industry’s only solution designed to block malicious open source components and AI models before they attack developers through AI-powered behavioral analytics and automated policy enforcement. Backed by Sonatype’s industry-leading security research team, Sonatype Repository Firewall helped customers prevent 110,370 open source malware attacks in Q3 of this year, with 47% of those attacks facing financial services organizations. 

For more details and access to the latest Open Source Malware Index data, visit https://www.sonatype.com/blog/open-source-malware-index-q3-2025. 

About Sonatype 

Sonatype is the leader in AI-centric DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.