News and Notes from the Makers of Nexus | Sonatype Blog

Ax Sharma

Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

By Ax Sharma on February 08, 2023 Known Vulnerabilities

4 minute read time

Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.

Read More...

This Week in Malware—Ongoing Dependency Confusion

By Ax Sharma on September 09, 2022 vulnerabilities

4 minute read time

This week in malware, Sonatype's automated malware detection systems have spotted over four dozen dependency confusion candidates.

Read More...

More than 200 cryptomining packages flood npm and PyPI registry

By Ax Sharma on August 19, 2022 vulnerabilities

5 minute read time

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

Read More...

PyPI package 'secretslib' drops fileless Linux malware to mine monero

By Ax Sharma on August 11, 2022 vulnerabilities

7 minute read time

Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.

Read More...

Ransomware in PyPI: Sonatype spots 'Requests' typosquats

By Ax Sharma on August 02, 2022 vulnerabilities

7 minute read time

Sonatype has spotted multiple typosquats of the popular Python library, 'requests' that contain ransomware scripts.

Read More...

StringJS typosquat deploys Discord infostealer obfuscated five times

By Ax Sharma on July 26, 2022 vulnerabilities

4 minute read time

An npm package called 'stringjs_lib' identified by Sonatype this week typosquats the popular npm library 'string' (or StringJS) to ship an obfuscated info-stealer obfuscated not one, five times.

Read More...

This Week in Malware — John Deere dependency confusion attempt and more

By Ax Sharma on July 22, 2022 vulnerabilities

2 minute read time

We discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere (Deere & Company). An additional 42

Read More...

John Deere dependency confusion attempt flagged by Sonatype

By Ax Sharma on July 21, 2022 vulnerabilities

3 minute read time

Sonatype identified 17 npm packages, at least 12 of which directly target John Deere's private npm dependencies via dependency confusion, a technique that continues to repeatedly be employed by bug

Read More...

This Week in Malware — July 15th edition

By Ax Sharma on July 15, 2022 vulnerabilities

2 minute read time

This Week in Malware we identified over 34 npm and PyPI packages that are either dependency confusion candidates, prank packages, contain PoC reverse shell code, or otherwise contain extensive

Read More...

Previous Next

Ax Sharma

Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

This Week in Malware—Ongoing Dependency Confusion

More than 200 cryptomining packages flood npm and PyPI registry

PyPI package 'secretslib' drops fileless Linux malware to mine monero

Ransomware in PyPI: Sonatype spots 'Requests' typosquats

StringJS typosquat deploys Discord infostealer obfuscated five times

This Week in Malware — John Deere dependency confusion attempt and more

John Deere dependency confusion attempt flagged by Sonatype

This Week in Malware — July 15th edition

Secure your software supply chain

Subscribe for all the latest software security news and events