
Malicious packages are threatening software supply chains
Kaspersky's Global Research and Analysis Team experts reported that by the end of 2024 a total of 14,000 malicious packages were found in open-source projects, a 48% increase compared to the end of 2023. 42 million versions of open-source packages were examined by Kaspersky throughout 2024 in search of vulnerabilities.
Open-source software is software with source code that anyone can inspect, modify, and enhance. Popular open-source package ecosystems include GoMod, Maven, NuGet, npm, PyPI, and others. These are tools that power countless applications and help developers easily find, install, and manage pre-built code libraries, making it simpler to build software by reusing code others have written. Attackers take advantage of the popularity of these and other ecosystems.
In March 2025, the Lazarus Group was reported to have deployed several malicious npm packages, which were downloaded multiple times before removal. These packages contained malware designed to steal credentials and cryptocurrency wallet data and to deploy backdoors, targeting developers' systems across Windows, macOS, and Linux. The attack leveraged GitHub repositories for added legitimacy, highlighting the group's sophisticated supply chain tactics. Kaspersky's GReAT also found other npm packages related to this attack. Malicious npm packages could have been integrated into web development, cryptocurrency platforms, and enterprise software, risking widespread data theft and financial losses.
In 2024, a sophisticated backdoor was discovered in XZ Utils versions 5.6.0 and 5.6.1, a widely used compression library in Linux distributions. Inserted by a trusted contributor, the malicious code targeted SSH servers, enabling remote command execution and threatening countless systems globally. Detected before widespread exploitation due to performance anomalies, the incident highlighted the dangers of supply chain attacks. XZ Utils is integral to operating systems, cloud servers, and IoT devices, making its compromise a threat to critical infrastructure and enterprise networks.
In 2024, Kaspersky's GReAT discovered that attackers uploaded malicious Python packages like chatgpt-python and chatgpt-wrapper to PyPI, mimicking legitimate tools for interacting with ChatGPT APIs. These packages, designed to steal credentials and deploy backdoors, capitalised on the popularity of AI development to trick developers into downloading them. These packages could have been used in AI development, chatbot integrations, and data analytics platforms, endangering sensitive AI workflows and user data.
'Open-source software is the backbone of many modern solutions, but its openness is being weaponised. The 50% rise in malicious packages by the end of 2024 shows attackers are actively embedding sophisticated backdoors and data stealers in popular packages, which millions rely on. Without rigorous vetting and real-time monitoring, a single compromised package can trigger a global breach. Organisations need to secure the supply chain before the next XZ Utils-level attack succeeds,' comments Dmitry Galov, Head of Research Centre for Russia and CIS at Kaspersky's Global Research and Analysis Team.
To stay safe, Kaspersky recommends:
Use a solution that monitors the open-source components in use, in order to detect threats that might be hidden inside them.
If you suspect that a threat actor may have gained access to your company's infrastructure, we recommend using the Kaspersky Compromise Assessment service to uncover any past or ongoing attacks.
Verify package maintainers: check the credibility of the maintainer or organization behind the package. Look for consistent version history, documentation, and an active issue tracker.
Stay informed on emerging threats: subscribe to security bulletins and advisories related to the open-source ecosystem. The earlier you know about a threat, the faster you can respond.
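As an added illustration of component monitoring (not Kaspersky's tooling or code from the article), the sketch below audits a Python requirements file and an `xz --version` string against the only indicators the article names: the PyPI packages chatgpt-python and chatgpt-wrapper and XZ Utils 5.6.0 and 5.6.1. The function names and the sample input are constructed for this example; it applies PEP 503 name normalisation so that spelling variants of a flagged name are not missed.

```python
import re

# Indicators taken from the article text; a real feed would be far larger.
BAD_PYPI = {"chatgpt-python", "chatgpt-wrapper"}
BAD_XZ = {"5.6.0", "5.6.1"}

def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text):
    """Return (line_no, name) for each requirement naming a flagged package."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line or line.startswith("-"):   # skip options such as -r, --hash
            continue
        # The project name is the leading run before extras or specifiers.
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m and normalize(m.group(0)) in BAD_PYPI:
            hits.append((no, m.group(0)))
    return hits

def xz_is_affected(version_output):
    """Check the text printed by `xz --version` for an affected release."""
    m = re.search(r"\b(\d+\.\d+\.\d+)", version_output)
    return bool(m) and m.group(1) in BAD_XZ

# Constructed sample input, not taken from a real project.
SAMPLE = """\
requests==2.31.0
ChatGPT_Wrapper[cli]>=0.1
# chatgpt-python  (commented out, ignored)
chatgpt.python==1.0
"""

if __name__ == "__main__":
    for no, name in audit_requirements(SAMPLE):
        print(f"line {no}: flagged package {name}")
    print("xz affected:", xz_is_affected("xz (XZ Utils) 5.6.1\nliblzma 5.6.1"))
```

A name match is only a prompt for review: it says the dependency carries a name the article reports as malicious, not that the installed artifact is.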