Open Source Malware on the Rise
Open source malware refers to malicious code hidden within software packages shared publicly on platforms like npm, PyPI, and Hugging Face.
These platforms host free tools that developers use, making them an easy target for criminals who want to slip harmful code into trusted systems.
Alarming Statistics
Sonatype's latest Open Source Malware Index recorded 34,319 malicious open source packages in the third quarter of this year, with a total of 877,522 malicious packages found in the last 6 years.
Attackers are now patient and well organised, using AI to embed malware directly into the tools developers rely on.
New Generation of Malware
This new generation of malware is designed to look ordinary while stealing data or keeping long-term access to systems, focusing on stealth rather than noisy attacks.
Author's summary: Open source malware is increasing rapidly.