The Proliferation Of Open Source Malware

Uploaded on 2024-12-17 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The end-to-end software supply chain security platform, Sonatype, has published its 10th annual 2024 Open Source Malware Threat Report, citing that malicious packages reached more than 778,500 since the company started tracking in 2019. 

Open source malware has been proliferating and Sonatype  has analysed open source malware in 2024, investigating  how threat actors use malicious open source packages to target developers as enterprises rely on open source components to build custom AI models.

This year, Sonatype researchers have uncovered  major campaigns, notably including the PyPl crypto stealer, a new attack using LUMMA malware and the solana-py tposquat malware. 

Analysing open source malware data and trends in 2024, Sonatype researchers found: 

  • Popular open-source code registry now represents 98.5% of malicious packages observed. The JavaScript ecosystem’s massive 70% growth in download requests combined, largely due to AI and spam, with minimal verification processes for new packages make it a popular target for threat actors.
  • PUAs (Potentially Unwanted Applications) represent the bulk of open source malware activity (64.75%). These can contain spyware, adware, or tracking components that would compromise the security and privacy of end users. Other prevalent types of open source malware include security holdings packages (24.2%) and data exfiltration (7.86%).
  • Government organisations are defending against the lion’s share of open source malware attacks. Sonatype helped customers block more than 450,000 malware attacks in 2024 — 67.31% at government organisations, 24% at financial services companies, and 2.15% in the energy, oil & gas sector.
  • Shadow downloads increased 32.8% over the past year. Open source malware is increasingly being downloaded directly to developer machines through “shadow downloads” which bypass software repository policies and security checkpoints.

In comment, Brian Fox, CTO and Co-Founder at Sonatype said  “Software developers have become the prime target for the next evolution of software supply chain attacks... Open source malware is uniquely nefarious, it sits between endpoint solutions, which can’t detect this method of delivery, and traditional vulnerability analysis."

“Too many enterprises treat open source malware like vulnerabilities in code, waiting to catch bugs during scanning which is too late. It is imperative for organisations to take a proactive approach, preventing consumption of open source malware before it enters their development pipelines.” Fox concludes.

Sonatype has provided annual analyses of open source consumption data,r releasing its State of the Software Supply Chain Report. This year’s report found a 156% increase in open source malware over 2023, and Sonatype estimates 50% of unprotected repositories already have cached open source malware.

For a detailed review  on open source malware in 2024 click HERE  

Image: @Sonatype

You Might Also Read:

Strengthen Software Supply Chain & Governance For Better AI System Cybersecurity:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Challenges Of Middle Management In Email Cybersecurity
General Motors Writes-Off $5bn On Robot Taxis »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Conference-Service

Conference-Service

Conference-Service provides a categorised calendar of conferences and events, including Information Security & Privacy.

EIT Digital

EIT Digital

EIT Digital is a leading digital innovation and entrepreneurial education organisation driving Europe’s digital transformation. Areas of focus include digital infrastructure and cyber security.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Redpoint Cybersecurity

Redpoint Cybersecurity

Redpoint Cybersecurity is a human-led, technology-enabled managed cybersecurity provider specializing in Digital Forensics, Incident Response and proactive cyberattack prevention.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.

enQase

enQase

enQase offers security beyond PQC; the only comprehensive, scalable solution that utilizes enhanced quantum technologies to protect data against current and future quantum threats.