Open Source Malware Surges 188% Targeting Developers Globally

News summary

In the second quarter of 2025, malicious open-source software packages surged by 188%, with security firm Sonatype uncovering 16,279 new malware packages targeting developers and CI/CD pipelines. Data exfiltration dominated these attacks: 55% of the malicious packages were designed to steal sensitive information such as secrets, credentials, API keys, and personally identifiable information. A notable example is a malicious npm package disguised as a CryptoJS revival, which targeted crypto wallets with over 1,000 units and harvested MongoDB connection strings and environment variables. Attackers are increasingly focusing on developer environments, exploiting environment variables, config files, and CI/CD tools to gain unauthorized access, and using sophisticated techniques like time-delayed payloads and encrypted transmissions to evade detection.

Data corruption malware, which is aimed at sabotaging applications and infrastructure, doubled, while cryptomining malware declined slightly as threat actors shift toward credential theft and long-term infiltration. The Lazarus Group, linked to North Korea, was responsible for over 100 malicious packages, underscoring the growing use of open-source ecosystems by advanced threat actors for cyber-espionage and financial crime.
