The Proliferation Of Open Source Malware

Sonatype, the end-to-end software supply chain security platform, has published its 10th annual Open Source Malware Threat Report for 2024, reporting that the cumulative count of malicious packages has passed 778,500 since the company started tracking in 2019.

Open source malware has been proliferating, and Sonatype's analysis of open source malware in 2024 investigates how threat actors use malicious open source packages to target developers, at a time when enterprises rely on open source components to build custom AI models.

This year, Sonatype researchers uncovered several major campaigns, notably a PyPI crypto stealer, a new attack using LUMMA malware and the solana-py typosquat malware.

Analysing open source malware data and trends in 2024, Sonatype researchers found:

  • A single popular open-source code registry now accounts for 98.5% of malicious packages observed. The JavaScript ecosystem's massive 70% growth in download requests, driven largely by AI and spam, combined with minimal verification processes for new packages, makes it a popular target for threat actors.
  • PUAs (Potentially Unwanted Applications) represent the bulk of open source malware activity (64.75%). These can contain spyware, adware or tracking components that compromise the security and privacy of end users. Other prevalent types of open source malware include security holding packages (24.2%) and data exfiltration (7.86%).
  • Government organisations are defending against the lion's share of open source malware attacks. Sonatype helped customers block more than 450,000 malware attacks in 2024: 67.31% at government organisations, 24% at financial services companies, and 2.15% in the energy, oil & gas sector.
  • Shadow downloads increased 32.8% over the past year. Open source malware is increasingly being downloaded directly to developer machines through "shadow downloads" that bypass software repository policies and security checkpoints.
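As an added example, not code from the article or from Sonatype: a small pre-consumption check a defender could run over a resolved lockfile, flagging packages fetched from anywhere other than an approved repository proxy (the "shadow download" path that skips the repository's policy checkpoint) and package names within a short edit distance of a vetted name (typosquat candidates, the pattern behind cases like the solana-py campaign named above). The proxy hostname, the trusted-name allowlist and the three sample entries are constructed for illustration.

```python
"""Defensive pre-consumption check for resolved dependencies (added example,
not Sonatype's tooling). It flags two patterns from the report: packages
fetched outside the organisation's approved repository proxy ("shadow
downloads") and package names within a small edit distance of a trusted
name (typosquat candidates). Hostnames, names and entries are constructed."""

from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical internal repository proxy that enforces policy; anything
# fetched from elsewhere bypassed that checkpoint.
APPROVED_INDEX_HOSTS = {"repo.example.internal"}

# Small constructed allowlist of packages the organisation has vetted.
TRUSTED_NAMES = {"requests", "numpy", "flask", "cryptography", "solana"}

# A name this close to a trusted name, without being one, is suspicious.
MAX_TYPO_DISTANCE = 2


@dataclass
class Finding:
    package: str
    reason: str


def normalize(name: str) -> str:
    """PEP 503 style normalisation: case-insensitive, '_' and '.' fold to '-'."""
    return name.lower().replace("_", "-").replace(".", "-")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by dynamic programming, O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_resolved_packages(entries):
    """entries: iterable of (name, version, download_url) as a resolver would
    record them in a lockfile. Returns a list of Finding in input order."""
    findings = []
    for name, version, url in entries:
        norm = normalize(name)
        host = urlparse(url).hostname or ""
        if host not in APPROVED_INDEX_HOSTS:
            findings.append(Finding(name, f"shadow download: {version} fetched from "
                                          f"'{host or url}', not an approved index"))
        if norm not in TRUSTED_NAMES:
            near = sorted(t for t in TRUSTED_NAMES
                          if edit_distance(norm, t) <= MAX_TYPO_DISTANCE)
            if near:
                findings.append(Finding(name, f"possible typosquat of {near}"))
    return findings


# Constructed sample: one clean entry, one typosquat candidate, and one direct
# download from the public index that skipped the proxy.
SAMPLE_ENTRIES = [
    ("requests", "2.31.0",
     "https://repo.example.internal/simple/requests/requests-2.31.0-py3-none-any.whl"),
    ("requets", "1.0.0",
     "https://repo.example.internal/simple/requets/requets-1.0.0-py3-none-any.whl"),
    ("numpy", "1.26.4",
     "https://files.pythonhosted.org/packages/numpy-1.26.4-cp312-cp312-manylinux_2_17_x86_64.whl"),
]

if __name__ == "__main__":
    for finding in check_resolved_packages(SAMPLE_ENTRIES):
        print(f"{finding.package}: {finding.reason}")
```

Running the block on the constructed sample reports two findings: `requets` as a probable typosquat of `requests`, and `numpy` as a shadow download because its wheel came straight from the public index rather than the proxy. In practice the host allowlist and trusted-name list would come from the organisation's repository manager configuration, and the entries from the lockfile produced by the build.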

Commenting on the findings, Brian Fox, CTO and Co-Founder at Sonatype, said: "Software developers have become the prime target for the next evolution of software supply chain attacks... Open source malware is uniquely nefarious: it sits between endpoint solutions, which can't detect this method of delivery, and traditional vulnerability analysis."

"Too many enterprises treat open source malware like vulnerabilities in code, waiting to catch bugs during scanning, which is too late. It is imperative for organisations to take a proactive approach, preventing consumption of open source malware before it enters their development pipelines," Fox concluded.

Sonatype also publishes annual analyses of open source consumption data in its State of the Software Supply Chain Report. This year's report found a 156% increase in open source malware over 2023, and Sonatype estimates that 50% of unprotected repositories already have cached open source malware.

For a detailed review of open source malware in 2024, click HERE.

Image: @Sonatype
