SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Open source malware up 156%, Sonatype research shows

Yesterday

New research by Sonatype has revealed a significant increase in open source malware in 2024, now tracking over 778,500 malicious packages.

The report highlights that the npm registry accounts for 98.5% of these malicious packages. This is attributed to the JavaScript ecosystem's 70% growth in download requests, primarily driven by AI applications and spam, coupled with minimal safeguards for new packages, making it a target for threat actors.

Sonatype's research also drew attention to the prevalence of Potentially Unwanted Applications (PUAs) in the open source malware landscape, comprising 64.75% of the activity. PUAs can include spyware, adware, or tracking components that jeopardise user security and privacy. Other significant types of malware identified were security holding packages, constituting 24.2%, and data exfiltration at 7.86%.

Government organisations were particularly affected, enduring 67.31% of all malware attacks identified by Sonatype. By contrast, financial services faced 24% of attacks, and the energy, oil and gas sector 2.15%. Over 450,000 malware attacks were blocked by Sonatype for its clients in 2024.

The findings indicate a 32.8% increase in "shadow downloads" of open source malware, which are downloads that sidestep repository safeguards, directly targeting developer machines and bypassing traditional security policies.
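A "shadow download" in the sense described above leaves a trace in the artefacts a developer commits: an npm lockfile whose `resolved` URLs point at the public registry rather than the organisation's proxy, or an `.npmrc` that redirects the registry setting. The following script is an added example written for this article, not code from Sonatype or from the report; it checks a constructed lockfile (lockfileVersion 3 layout) and a constructed `.npmrc` against an assumed approved registry host (`nexus.example.internal`, a placeholder) and reports every package or setting that bypasses it.

```python
import json
from urllib.parse import urlparse

# Assumption: the organisation routes all npm traffic through this proxy host.
# Placeholder value; replace with your own registry hostname.
APPROVED_REGISTRY_HOSTS = {"nexus.example.internal"}

# Constructed sample package-lock.json (lockfileVersion 3) for illustration only.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"left-pad": "^1.3.0", "some-util": "^2.0.0"}},
        # Fetched through the approved proxy, with an integrity hash recorded.
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://nexus.example.internal/repository/npm-proxy/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        # Fetched straight from the public registry: bypasses the proxy's policy.
        "node_modules/some-util": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/some-util/-/some-util-2.0.0.tgz",
        },
        # Pulled from a local path: never went through any registry at all.
        "node_modules/local-thing": {
            "version": "0.1.0",
            "resolved": "file:../local-thing",
        },
    },
})

# Constructed sample .npmrc: the default registry has been pointed at the public
# registry while one scope still uses the internal proxy.
SAMPLE_NPMRC = (
    "registry=https://registry.npmjs.org/\n"
    "@acme:registry=https://nexus.example.internal/repository/npm-internal/\n"
    "; comment line\n"
)


def find_shadow_downloads(lockfile_text, approved_hosts=APPROVED_REGISTRY_HOSTS):
    """Return {package_path: [reasons]} for lockfile entries that did not come
    through an approved registry over https, or that lack an integrity hash."""
    lock = json.loads(lockfile_text)
    findings = {}
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # root project entry, not a dependency
            continue
        reasons = []
        resolved = meta.get("resolved")
        if not resolved:
            reasons.append("no resolved URL")
        else:
            parsed = urlparse(resolved)
            if parsed.scheme != "https":
                reasons.append(f"non-https source ({parsed.scheme})")
            elif parsed.hostname not in approved_hosts:
                reasons.append(f"resolved outside approved registry ({parsed.hostname})")
        if "integrity" not in meta:
            reasons.append("no integrity hash")
        if reasons:
            findings[path] = reasons
    return findings


def npmrc_registry_findings(npmrc_text, approved_hosts=APPROVED_REGISTRY_HOSTS):
    """Return [(setting, host)] for registry settings in an .npmrc that point
    anywhere other than an approved host. Handles the default 'registry' key
    and scoped '@scope:registry' keys; comments and blank lines are skipped."""
    findings = []
    for line in npmrc_text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#")):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key == "registry" or key.endswith(":registry"):
            host = urlparse(value.strip()).hostname
            if host not in approved_hosts:
                findings.append((key, host))
    return findings


if __name__ == "__main__":
    for pkg, reasons in find_shadow_downloads(SAMPLE_LOCKFILE).items():
        print(f"{pkg}: {'; '.join(reasons)}")
    for key, host in npmrc_registry_findings(SAMPLE_NPMRC):
        print(f".npmrc {key} points at {host}")
```

Running this in CI against committed lockfiles and `.npmrc` files gives an early signal that a dependency was installed around the proxy; the proxy itself (or a repository firewall placed in front of it) remains the control that actually blocks the package, and the lockfile check only catches what developers commit.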

"Software developers have become the prime target for the next evolution of software supply chain attacks," explained Brian Fox, Chief Technology Officer and Co-Founder at Sonatype. "Open source malware is uniquely nefarious — it sits between endpoint solutions, which can't detect this method of delivery, and traditional vulnerability analysis. Too many enterprises treat open source malware like vulnerabilities in code, waiting to catch bugs during scanning which is too late. It is imperative for organisations to take a proactive approach, preventing consumption of open source malware before it enters their development pipelines."

Sonatype's annual State of the Software Supply Chain report, released earlier in the year, reported a 156% increase in open source malware from 2023 to 2024. The report suggests that 50% of unprotected repositories may already contain cached malware, posing a substantial risk to supply chains.

The Sonatype Repository Firewall is noted as a tool to counter these threats. It detects and blocks vulnerabilities in open source code repositories using AI behavioural analytics and automated policy enforcement. The company states that this solution, supported by its research team, helped customers block more than 450,000 malware attacks in the past year.
