This Week in Malware – Over 50 Packages Discovered


This week in malware, we discovered and analyzed nearly five dozen packages flagged as malicious, suspicious, or dependency confusion attacks in the npm and PyPI registries.

Malicious packages caught by Sonatype
We caught the following this week via Sonatype’s automated malware detection system, offered as a part of Nexus Firewall:

These discoveries follow our report last week of over 100 packages discovered.

Turn on Nexus Firewall for automatic protection
As a DevSecOps organization, we remain committed to identifying and halting attacks, such as those mentioned above, against open source developers and the wider software supply chain.

Users of Nexus Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching…
