The Proliferation Of Open Source Malware

Uploaded on 2024-12-17 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The end-to-end software supply chain security platform, Sonatype, has published its 10th annual 2024 Open Source Malware Threat Report, citing that malicious packages reached more than 778,500 since the company started tracking in 2019. 

Open source malware has been proliferating and Sonatype  has analysed open source malware in 2024, investigating  how threat actors use malicious open source packages to target developers as enterprises rely on open source components to build custom AI models.

This year, Sonatype researchers have uncovered  major campaigns, notably including the PyPl crypto stealer, a new attack using LUMMA malware and the solana-py tposquat malware. 

Analysing open source malware data and trends in 2024, Sonatype researchers found: 

  • Popular open-source code registry now represents 98.5% of malicious packages observed. The JavaScript ecosystem’s massive 70% growth in download requests combined, largely due to AI and spam, with minimal verification processes for new packages make it a popular target for threat actors.
  • PUAs (Potentially Unwanted Applications) represent the bulk of open source malware activity (64.75%). These can contain spyware, adware, or tracking components that would compromise the security and privacy of end users. Other prevalent types of open source malware include security holdings packages (24.2%) and data exfiltration (7.86%).
  • Government organisations are defending against the lion’s share of open source malware attacks. Sonatype helped customers block more than 450,000 malware attacks in 2024 — 67.31% at government organisations, 24% at financial services companies, and 2.15% in the energy, oil & gas sector.
  • Shadow downloads increased 32.8% over the past year. Open source malware is increasingly being downloaded directly to developer machines through “shadow downloads” which bypass software repository policies and security checkpoints.

In comment, Brian Fox, CTO and Co-Founder at Sonatype said  “Software developers have become the prime target for the next evolution of software supply chain attacks... Open source malware is uniquely nefarious, it sits between endpoint solutions, which can’t detect this method of delivery, and traditional vulnerability analysis."

“Too many enterprises treat open source malware like vulnerabilities in code, waiting to catch bugs during scanning which is too late. It is imperative for organisations to take a proactive approach, preventing consumption of open source malware before it enters their development pipelines.” Fox concludes.

Sonatype has provided annual analyses of open source consumption data,r releasing its State of the Software Supply Chain Report. This year’s report found a 156% increase in open source malware over 2023, and Sonatype estimates 50% of unprotected repositories already have cached open source malware.

For a detailed review  on open source malware in 2024 click HERE  

Image: @Sonatype

You Might Also Read:

Strengthen Software Supply Chain & Governance For Better AI System Cybersecurity:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Challenges Of Middle Management In Email Cybersecurity
General Motors Writes-Off $5bn On Robot Taxis »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

Group-IB

Group-IB

Group-IB is a leading provider of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Blacksands

Blacksands

Blacksands is a leader in network architecture, identity & services management, threat analysis, industrial IoT architecture, and invisible dynamic networks.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

aFFirmFirst

aFFirmFirst

aFFirmFirst is a unique software solution offering a simple yet effective way for businesses to protect and control their online images and logo, as well as allowing one-click website verification.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.