惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Jina AI
Jina AI
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
Help Net Security
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
博客园_首页
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
PCI Perspectives
PCI Perspectives
博客园 - 三生石上(FineUI控件)
V2EX - 技术
V2EX - 技术
Spread Privacy
Spread Privacy
T
Tor Project blog
量子位
阮一峰的网络日志
阮一峰的网络日志
S
SegmentFault 最新的问题
小众软件
小众软件
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
Y
Y Combinator Blog
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Tenable Blog
Scott Helme
Scott Helme
G
GRAHAM CLULEY
大猫的无限游戏
大猫的无限游戏
aimingoo的专栏
aimingoo的专栏
IT之家
IT之家
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
T
Threat Research - Cisco Blogs
博客园 - 司徒正美
Application and Cybersecurity Blog
Application and Cybersecurity Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Attack and Defense Labs
Attack and Defense Labs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
L
LangChain Blog
C
Check Point Blog
Google Online Security Blog
Google Online Security Blog
V
Visual Studio Blog
Latest news
Latest news

2024 Sonatype Blog

Open Source, Open Infrastructure, and the Space Between Request for Comments: CARE and Maven Central Q2 2026 Open Source Malware Index AI Is Forcing a New Open Source Security Model Vulnerability Prioritization Is Missing the AI-Era Point The Hidden National Security Threat Inside AI-Driven Software Miasma Returns: Leo Platform Compromise in npm The Rise of Collective Defense for Open Source Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing Software Security Has to Start at Assembly easy-day-js Targets Mastra, Dependency Attacks Grow Open Publishing, Commercial Scale Software Dependency Cooldowns Are a Symptom, Not a Strategy Atomic Arch npm Campaign Adds Malicious Dependency From SBOMs to AI BOMs: Why SPDX 3.0 Matters Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages Lazarus Group's Latest: Brandjacking Campaign on npm 5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook The AI Race Is Becoming a Remediation Race Red Hat Cloud Services npm Packages Hijacked Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies AI Is Making Software Autonomous, and Governance Must Follow Your Outdated Repository Still Works, But It May Not Be Safe Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype Managing Open Source Software Risks With the HeroDevs EOL Dashboard Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target Building Trusted AI Development With Kiro and Sonatype Guide How to Build a Software Supply Chain Security Playbook The Mythos AI Vulnerability Storm: What to Do Next Malicious PyTorch Lightning Packages Found on PyPI Why Developer Experience Is the Foundation of DevSecOps Success Open is Not Costless: Reclaiming Sustainable Infrastructure Q1 Updates in Nexus Repository: More Formats, Stronger Operations, and a Better Day-to-Day Experience Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths The Time Is Now to Prepare for CRA Enforcement Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition Mythos and the AI Vulnerability Storm: Exploring the Control Point When AI Writes Code, Who Governs the Dependencies? Why Software Supply Chain Security Requires a New Playbook Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust Modernizing Nexus Repository: Moving Beyond OrientDB AI, DevSecOps, and the Future of Application Security: The Gartner® Report How Sonatype's Container Scanning Protects You From Zero-Days Axios Compromise on npm Introduces Hidden Malicious Package Is Your Repository Ready for What's Next? Autonomous Development and AI: Speed vs. Security Grounded Intelligence Ensures Safe AI Software Development Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds Sonatype Discovers Two Malicious npm Packages
The Evolution of Open Source Malware: From Volume to Trust Abuse
Aaron Linskens · 2026-05-05 · via 2024 Sonatype Blog

Open source malware is no longer just a numbers game. What was once largely a volume problem — thousands of malicious packages flooding public registries through typosquatting, brandjacking, and low-effort deception — has become something more precise and dangerous.

Attackers no longer rely only on high-volume registry abuse. As shown in our Q1 2026 Open Source Malware Index, they exploit the trust developers place in familiar packages, known release paths, and automated workflows.

The result is a software supply chain threat that is quieter, more staged, and often harder to spot before damage is done. Malware is increasingly focused on developer machines, CI/CD environments, tokens, and credentials.

The question is no longer if malicious packages exist in public ecosystems but if your organization can stop them before they reach developers and build systems.

Attackers Are Exploiting Trust, Not Just Code

Unlike vulnerabilities — which are unintentional flaws — open source malware is deliberately designed to cause harm, which changes how it must be defended against.

Malware is increasingly embedded in places developers expect to be safe, including:

  • Trusted-looking packages that appear legitimate.

  • Release paths that inherit credibility from maintainers, accounts, or build systems.

  • Developer workflows where install scripts, build steps, and CI jobs can access credentials and secrets.

Reputation alone is no longer enough. A familiar package name, a widely used ecosystem, or an historically trusted maintainer does not guarantee safety. Attackers are deliberately positioning themselves inside those trust signals, making it critical to verify what you consume.

Developer Machines and CI/CD Environments Are the Target

In 2025, Sonatype identified over 454,600 new malicious packages, pushing the total beyond 1.233 million and signaling a shift toward sustained, industrialized attacks on the software supply chain.

Threat actors now focus on developer machines and CI/CD environments, where high-value assets live: tokens, credentials, environment variables, and access to release systems.

When a malicious package executes during install, compromise can happen before any release-time scan runs.

As a result, end-of-pipeline security is no longer sufficient. By then, malware may have already executed, exfiltrated secrets, or established persistence.

Malware Is Becoming More Staged and Persistent

Open source malware has evolved from simple credential theft into multi-stage attacks designed to persist and spread.

Modern campaigns now:

  • Use stolen credentials to move laterally and escalate access.

  • Download secondary payloads and establish persistence.

  • Hide activity by removing or obfuscating malicious traces.

These patterns are already visible in real-world attacks, as seen in the examples that follow.

SANDWORM_MODE Shows Malware Becoming More Adaptive

SANDWORM_MODE highlights the shift from simple credential theft to adaptive, multi-stage attacks. It used obfuscation and delayed execution to evade detection, then harvested secrets, modified dependencies, and injected itself into developer workflows to spread.

Notably, it also targeted AI tooling, signaling how attackers are adapting to modern developer environments. That points to where open source malware may be heading next: attacks that are not only automated, but adaptive to the developer environment they land in.

Trusted Release Paths Are Now Attack Surfaces

The Trivy and LiteLLM compromise shows how attackers are shifting from fake packages to trusted release paths.

By abusing automation, service accounts, and tokens, attackers can inherit built-in trust and spread widely across pipelines and downstream projects.

The result is a much larger blast radius, making release infrastructure and workflows a critical part of the attack surface.

The Axios Attack Shows the Risk of Small Dependency Changes

The axios compromise shows how minimal changes can create major risk.

Instead of altering the package itself, attackers introduced a malicious dependency that executed on install, deployed a secondary payload, and removed traces of its activity.

This highlights the danger of transitive dependencies, even trusted packages can introduce risk through what they pull in.

Dependency Governance Has to Move Earlier

Organizations need to evaluate dependencies before they are installed. If malicious code executes during installation, security decisions must happen before packages reach developer machines or CI/CD environments.

That requires controlled pathways for open source consumption, including:

  • Proxy repositories that mediate access to public registries.

  • Policy enforcement to block or quarantine suspicious packages.

  • Malware detection at the point of ingestion.

  • Repository controls that govern what can be introduced into development.

It also means looking beyond direct dependencies. Transitive dependencies, install scripts, release metadata, publishing behavior, and unusual changes all need to be inspected to catch risk early.

Treat Development Environments as High-Value

Developer and CI/CD environments should be protected with the same rigor as production systems. These environments hold high-value assets like credentials, tokens, and access to release pipelines, making them prime targets for modern malware.

That means putting core protections in place, including:

  • Limiting credential exposure.

  • Enforcing least-privilege access.

  • Monitoring for unusual behavior.

  • Rotating secrets quickly and in a coordinated way.

Trust alone is no longer a reliable defense. Popular packages, maintainer accounts, and transitive dependencies can all introduce hidden risk. The goal is not to reduce open source usage, but to consume it safely with controls that allow developers to move quickly without blindly trusting what looks familiar.

Secure the Software Supply Chain Before Code Reaches Production

Open source malware has shifted from high-volume abuse to targeted trust exploitation — focusing on developer workflows, release paths, and early-stage environments.

Defending against it means moving security earlier: screen components before use, inspect transitive dependencies, protect developer environments, and replace assumed trust with continuous verification.

The organizations that succeed won't avoid open source. They'll consume it safely.

To learn more about the evolution of open source malware what you can do now, watch our full webinar on-demand.

Tags

secure software supply chain webinars dependencies developers Events and Webinars supply chain attacks malware prevention open source malware