Due to automation and a high-reward, low-risk threat environment, open source malware increased 188% year over year in the second quarter of this year.
Supply-chain security vendor Sonatype today published its second quarter 2025 “Open Source Malware Index” report, dedicated to malicious open source packages published to popular repositories such as npm and PyPl.
In many cases, attackers will publish files claiming they’re a different, more trusted software package (see typosquatting), and when the end user downloads and runs the package, the malware harvests the victim’s data and credentials. In others, like with XZ Utils last year, an attacker will poison a legitimate package with a backdoor.
In any case, open source repositories are rampant with malware, and as Sonatype highlights in its second quarter 2025 report, it’s only getting worse.
Major Findings
Between April 1 and June 30, Sonatype found 16,279 instances of open source malware.
“Open source components continue to be foundational in modern software development. But as usage grows, so do the opportunities for malicious actors to exploit trust and automate their attacks,” the report read. “Q2 data shows a clear trend: attackers are refining exfiltration-focused malware to harvest secrets and credentials, enabling downstream attacks like supply chain breaches or cloud account takeovers.”
Data exfiltration was the most common use of malware, seen in 55% of samples. “Over 4,400 packages were specifically designed to steal secrets, personally identifiable information, credentials, and API tokens,” Sonatype’s report said. Meanwhile, 5% of packages included crypto miners, 2% contained code injection, and 3% included data corruption.
Software developers, which often use these open source packages, are commonly at the center of these attacks. This is helpful not only for creating supply chain attacks, but also because developers have secrets and keys, as Sonatype principal security researcher Garrett Calpouzos pointed out, “often in predictable locations.”
Sonatype attributes the 188% spike in open source malware year over year to multiple factors, such as the ability to automate publishing and managing large volumes of malicious packages; the fact that many developers and CI/CD systems use consistent file names and variable names, which is useful for programmatically exfiltrating data; and that credential theft in open source ecosystems is “a relatively low-risk, high-reward strategy for attackers,” according to Brian Fox, co-founder and CTO at Sonatype, in the report.
Highlighted Threat Campaigns
In the second quarter, Sonatype tied 107 malicious packages with more 30,000 downloads to North Korean APT Lazarus Group.
“Notably, all observed packages point back to a shared source codebase associated with earlier Lazarus-linked activity, confirming that this is not isolated but part of an ongoing campaign,” Sonatype said. “These packages are designed to steal credentials and execute arbitrary code, enabling attackers to compromise developer machines or CI/CD infrastructure. Although the exact scale of impact remains under investigation, the consistent appearance of these packages underscores the continued abuse of open source ecosystems by nation-state actors.”
Fox tells Dark Reading that rather than data extortion attacks, “the majority of observed behavior [in Q2] aligns more with access brokerage and espionage.”
“Attackers are using open source malware to quietly harvest credentials and secrets that can be sold or leveraged later — sometimes by the same actor, sometimes handed off to others,” he says. “Groups like Lazarus are clearly more focused on long-term infiltration and data gathering than immediate monetary demands, though extortion isn’t off the table depending on what access they achieve.”
The research team also highlighted suspected Chinese threat actor Yeshen-Asia uploading nearly 100 malicious packages claiming to be developer tools under different accounts.
“These packages followed the same pattern: Each was published from a distinct author account, each hosted just one malicious component, and all communicated with infrastructure behind Cloudflare-protected yeshen.asia domains. One npm author alone accumulated over 23,000 installs before takedown, demonstrating how stealthy and widespread this campaign became,” the report read. “Although no novel techniques were observed in this second wave, the level of automation and infrastructure reuse reflect a deliberate, persistent campaign focused on credential theft and secret exfiltration.”
What Defenders Can Do
On the defensive front, vendors such as Sonatype offer products that aim to block open source malware. More broadly, Fox tells Dark Reading that defenders should inventory what they use in a software bill of materials, validate the provenance of components, and to isolate developer risk.
“Use isolated, sandboxed environments for builds, restrict direct access to public registries, and monitor for suspicious activity in dependency behavior — especially post-install scripts,” Fox says. “The key is to assume that open source packages are a potential attack vector and treat them with the same scrutiny you would give any external executable code.”
