This Week in Malware - Over Five Dozen More Packages Discovered

September 23, 2022 By Aaron Linskens

2 minute read time

This week in malware we discovered and analyzed over five dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

Malicious packages caught by Sonatype

We caught the following this week via Sonatype’s automated malware detection system, offered as a part of Nexus Firewall:

692736baiahv
@dtci/eq-ui-lib
abclopurt
auth-ebay
avvpl-marvin
bjabaiabi
bjabaiheiiyuuui
brogan-ebay
burningred
ca-bucky-client
commons-ebay
commons-inc
conf-dep-test
cookies-ebay
dbcounter
dc-main
duckduckgo-privacy-extension
ebayui-ads
eip1193_provider_proxy
environment-ebay
experimental-entrevista-react-01
gatekeeper-ebay
gcdapi
gmx-arbitrum-referrals-staging
intercom-ui-ng2
ion-schema-sandbox
jaylen-db
jq-request
jqdc
legacy-client-ebay
logging-inc
melder
metrics-ebay
migrate-ux-react
module-config-inc
monitor-inc
morpherwallet-sdk
navigator-fingerprint-front
nimiqode
nodeexpressvulny
optimizer-plugin-inc
orangepay-ecommerce-sdk
pages-plugins-example
parity-signer
polls-front-core
protobuf-as
relap-adroom
relap-lk
sb1-atbyls-idanecoa
security-ebay
service-client-ebay
shubh
sp1
sparebank1
sso-ebay
test-dep-conf
test-mlw1-boxed-paver-hydra-yabby
test-mlw1-mases-beats-elves-exert
test-mlw1-stile-trull-graal-gyves
testoaa
venmo-emoji-list
vk-store-web-dev-console
webgl-profiler
zezedb

These discoveries follow our report last week of nearly 100 new packages.

Turn on Nexus Firewall for automatic protection

As a DevSecOps organization, we remain committed to identifying and halting attacks, such as those mentioned above, against open source developers and the wider software supply chain.

Users of Nexus Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.

nexusfirewall

Nexus Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in progress, thereby keeping your software supply chain protected from the start. 

Sonatype’s world-class security research data, combined with our automated malware detection technology safeguards your developers, customers, and software supply chain from infections.

Tags: vulnerabilities, PyPI, malware prevention, DevZone, This Week in Malware

Written by Aaron Linskens

Aaron is a technical writer on Sonatype's Developer Relations team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they can build the right software.