This Week in Malware - Over 70 Packages Discovered

October 28, 2022 By Aaron Linskens

2 minute read time

This week in malware, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Moving forward, we will continue to disclose and investigate malware as usual, but we will provide this list of discovered packages in a monthly cadence.

Malicious packages caught by Sonatype

We caught the following this week via Sonatype’s automated malware detection system, offered as a part of Nexus Firewall:

254-shades-of-grey
@absis/core-service
@malware-test-agila-baffy-merks-lurks/test-mlw3-agila-baffy-merks-lurks
@malware-test-amend-boule-voile-caboc/test-mlw3-amend-boule-voile-caboc
@orlserg32112/socket-test-vulndep
@syn-ack-zack/fusioncharts-enterprise
aae-stream
anchor-lang
asteroid-filterbank
boost-for-react-native
ceedee
chimera-dom
dapp2nix
discord-leveldb-dump
discord-thief
ganjakha1234
griffin-content-client
griffin-content-react
hanjibros
jibro1test
khashayar2b
lambda-pipeline-construct
maven-compiler-plugin
maven-fluido-skin
newrelic-timing
not_lost
portableonboarding
react-redux-4
reactive-cashflow
s3mock-testsupport-common
safe-nonce-6218
safe-nonce-7218
spring-boot-devtools
surveyoptic
tazrim
test-mlw1-agila-baffy-merks-lurks
test-mlw1-booth-kiddy-beret-unbid
test-mlw1-fezes-rucks-blurs-saugh
test-mlw1-miter-fient-summa-lager
test-mlw2-booth-kiddy-beret-unbid
test-mlw2-gloat-skiey-sposh-skids
test_1_55
test_1_56
test_1_59
test_1_60
test_1_61
tttestsupport-common
ty-cdn
ui-ace
venmo-emoji-list
wormhole-chain-sdk

These discoveries follow our report last week of nearly 40 packages discovered.

Turn on Nexus Firewall for automatic protection

As a DevSecOps organization, we remain committed to identifying and halting attacks, such as those mentioned above, against open source developers and the wider software supply chain.

Users of Nexus Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.

blog-security-bad-component-vulnerability-scanning-100

Nexus Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in progress, thereby keeping your software supply chain protected from the start. 

Sonatype’s world-class security research data, combined with our automated malware detection technology safeguards your developers, customers, and software supply chain from infections.

Tags: vulnerabilities, npm, PyPI, malware prevention, DevZone, This Week in Malware

Written by Aaron Linskens

Aaron is a technical writer on Sonatype's Developer Relations team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they can build the right software.