This Week in Malware - Nearly 40 packages discovered

October 21, 2022 By Aaron Linskens

2 minute read time

Warning message on a screen, hands thrown up in frustration

This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Malicious packages caught by Sonatype

We caught the following this week via Sonatype's automated malware detection system, offered as a part of Sonatype Repository Firewall:

@behemothx00/cacademee

@behemothx00/webpinger

@behemothx00/webpinger1

@ibmsss/test

@malware-test-jiaos-sluse-tired-haulm/test-mlw3-jiaos-sluse-tired-haulm

@malware-test-jujus-plied-glops-jiver/test-mlw3-jujus-plied-glops-jiver

@malware-test-mixed-first-snees-kibes/test-mlw3-mixed-first-snees-kibes

@malware-test-tanga-pence-dance-muist/test-mlw3-tanga-pence-dance-muist

aae-stream

asdljnsdl

aspect-node-playground

b2-sdk-python

ceedee

discord.js-lukyy

evm-script-decoder

faizee.asad

iamvpnlibrary

inbm-lib

kash1338

kashem1337

kashm1337

luciad

my-little-snippet

ololol

pp31338

protonvpn-nm-lib

pyproximabe

rabin-sharmakobau

raspius

sdljnsdl

sfox-ecdsa

tesla-faas2

test-mlw1-jujus-plied-glops-jiver

test-mlw1-murva-laugh-palps-peace

test-mlw1-table-araba-druse-stich

trin-axios

webp1nger

These discoveries follow our report last week of over 50 packages discovered.

Turn on Sonatype Repository Firewall for automatic protection

As a DevSecOps organization, we remain committed to identifying and halting attacks, such as those mentioned above, against open source developers and the wider software supply chain.

Users of Sonatype Repository Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.

article - repo firewall flowchart

Sonatype Repository Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in progress, thereby keeping your software supply chain protected from the start.

Sonatype's world-class security research data, combined with our automated malware detection technology safeguards your developers, customers, and software supply chain from infections.

Tags: vulnerabilities, npm, PyPI, malware prevention, DevZone, This Week in Malware

Written by Aaron Linskens

Aaron is a technical writer on Sonatype's Marketing team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they can build the right software.

Learn more on: