Paul Krill
Editor at Large

Sonatype warns of 18,000 open source malware packages

news
Apr 3, 2025

Over half of the malware Sonatype discovered in Q1 2025 was designed to exfiltrate sensitive information from infected systems, the company said.


Software supply chain security company Sonatype uncovered 17,954 open-source malware packages during Q1 2025, the company revealed in its Open Source Malware Index.

Sonatype’s Open Source Malware Index for Q1 2025 was introduced April 2. A proliferation of open source malware, or malicious open source packages, poses unprecedented risk in the form of software supply chain attacks, the company said. Open source malware is intentionally crafted to target developers in order to infiltrate and exploit software supply chains, according to Sonatype.

The index examines evolving trends in open source malware and key shifts in malicious open source packages across ecosystems. Data for Q1 2025 showed a notable shift in the types of threats targeting software developers, with more than half of the malware aimed at exfiltrating sensitive data, Sonatype said.

To create the index, Sonatype examined a broad set of open source package consumption data and proprietary data, including malicious packages blocked by Sonatype Firewall. Sonatype also examined dependency update patterns for more than 1.5 trillion requests from Maven Central and thousands of open source projects, and analyzed malicious packages observed in the Java (Maven Central), JavaScript (NPM), Python (PyPI), and .NET (NuGet) ecosystems.

Key findings of the Open Source Malware Index for Q1 2025 include the following:

  • 56% of malware discovered in Q1 2025 was related to data exfiltration, designed to harvest sensitive data from infected systems. This was a dramatic increase from 26% in Q4 2024.
  • Crypto-mining malware made up 7% of malicious packages discovered in Q1 2025, doubling from 3.55% in Q4 2024.
  • Sonatype said it helped block more than 20,000 open source malware attacks in Q1 2025, with 66% of these at financial services companies, 14% at government organizations, and 7% at oil and gas utilities.
  • 80% of the packages logged in Q1 2025 were more sophisticated and threatening types of malware, such as droppers and code injection malware.

Paul Krill is editor at large at InfoWorld. Paul has been covering computer technology as a news and feature reporter for more than 35 years, including 30 years at InfoWorld. He has specialized in coverage of software development tools and technologies since the 1990s, and he continues to lead InfoWorld’s news coverage of software development platforms including Java and .NET and programming languages including JavaScript, TypeScript, PHP, Python, Ruby, Rust, and Go. Long trusted as a reporter who prioritizes accuracy, integrity, and the best interests of readers, Paul is sought out by technology companies and industry organizations who want to reach InfoWorld’s audience of software developers and other information technology professionals. Paul has won a “Best Technology News Coverage” award from IDG.
