Featured Article
Introducing our 9th annual State of the Software Supply Chain report
Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’
4 minute read time
Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.
Read More...
Intro to malware analysis: Analyzing Python malware
11 minute read time
Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.
Read More...
Malware Monthly - November 2022
12 minute read time
Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...
We analyze Python packages that steal Telegram Desktop client files and set up Remote Desktop access accounts after infecting Windows systems.
Read More...
python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS
5 minute read time
We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.
Read More...
Python Packages Upload Your AWS Keys, env vars, Secrets to the Web
5 minute read time
Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.
Read More...
Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.
Read More...
Trojanized PyPI Package Imitates a Popular Python Server Library
7 minute read time
A trojanized PyPI component 'aiohttp-socks5' has been identified by Sonatype's automated malware detection system, imitating the real 'aiohttp-socks' lib.
Read More...
OSS Index Contributor Asks: Where 'R' You?
2 minute read time
Dr. Colin Gillespie, co-author of the book, Efficient R Programming, talks about contributing to open source software projects and using OSS Index.
Read More...