Skip Navigation

Malware Monthly - January 2023

11 minute read time

January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.

Intro to malware analysis: Analyzing Python malware

By Juan Aguirre on January 19, 2023 python

11 minute read time

Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.

Developers need two things: The Sonatype Platform and a full pot of coffee

By Austin Bradley on December 13, 2022 Sonatype Platform

5 minute read time

Waiting too long to invest in security is too common. Sonatype's Nexus platform helps orgs protect themselves from known and unknown vulnerabilities.

The magic behind over 101,000 Malicious packages discovered and blocked

By Chris Good on November 08, 2022 Product

3 minute read time

A look at how Sonatype software is protecting development teams and software with the industry-leading tools.

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

By Eric Hill on September 19, 2022 secure software supply chain

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.

More than 200 cryptomining packages flood npm and PyPI registry

By Ax Sharma on August 19, 2022 vulnerabilities

5 minute read time

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

This Week in Malware - Fileless Linux cryptominer, 100 packages

By Aaron Linskens on August 12, 2022 vulnerabilities

6 minute read time

This week Sonatype discovered more than 100 open source packages that were malicious, suspicious, or dependency confusion attacks.

PyPI package 'secretslib' drops fileless Linux malware to mine monero

By Ax Sharma on August 11, 2022 vulnerabilities

7 minute read time

Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.

This Week in Malware — Typosquats in PyPI, dependency confusion packages

By Hernán Ortiz on August 04, 2022 vulnerabilities

2 minute read time

This Week in Malware we discovered 50 packages that are either malicious or dependency confusion attacks.