This Week in Malware, highlights include malicious npm package 'flame-vali' that claims to let developers "bypass any request proxys." But that's not quite the case. And, some more dependency confusion packages caught by us.
1. npm package attempts to kill Windows Defender
Sonatype security researcher Carlos Fernandez analyzed the 'flame-vali' package which has been assigned sonatype-2022-3346 in our security research data.
Check out the dedicated blog post to learn more.
2. Python devs using AIOHTTP repeatedly targeted
We have previously disclosed counterfeit PyPI packages imitating legitimate libraries like AIOHTTP and the trend hasn't slowed down, with more such typosquatting malware being published to PyPI:
Additionally, the following malicious PyPI packages were reported by us to PyPI this week:
3. Dependency confusion packages
This week's list of npm dependency confusion packages caught and reported by us includes:
Nexus Firewall users remain protected
These discoveries follow our last week's report on several dozen malicious packages including '@core-pas/cyb-core' that attempts to exfiltrate several sensitive assets from a user's system:
Users of Nexus Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.
Nexus Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in the works, thereby keeping your software supply chain protected from the start.
Sonatype’s world-class security research data, combined with our automated malware detection technology safeguards your developers, customers, and software supply chain from infections.