Malicious open source packages surged into industrialized, large-scale campaigns in 2025, with researchers identifying more than 454,600 new malicious packages across npm, PyPI, Maven Central, NuGet, and Hugging Face, and with attacks growing in sophistication. The report spotlights npm as the primary vector: self-replicating packages such as Shai-Hulud, activity from threat actors such as Lazarus Group and IndonesianFoods, and exploitation of developer CI/CD processes that threatens the software supply chain. #npm #ShaiHulud
Key points
- Researchers found over 454,600 new malicious open source packages in 2025 across major repositories.
- More than 99% of open source malware activity was observed on npm.
- Threat actors like the Lazarus Group and IndonesianFoods advanced to multi-stage payloads and self-replicating malware such as Shai-Hulud.
- Attackers exploit developer pressures and CI/CD decision-making through social and technical mimicry at scale.
- The convergence of AI model hubs and open source increases risk via persistent malware in containers, pickled models, and precompiled binaries.
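The last point names pickled models as one place malware persists: a pickle stream can instruct the loader to import and call any importable function, so loading an untrusted checkpoint is code execution. The check a practitioner wants is a static one that runs before any load. The following is an added example, not code from the report or any project it mentions: it disassembles a pickle stream with the standard library's `pickletools.genops` (which never executes the stream), lists every `module.name` the stream would import, and compares that list against an allowlist. The allowlist, the sample checkpoint, and the `_ReduceStandIn` class with its harmless `shutil.which` call are all constructed for this example.

```python
import pickle
import pickletools
import shutil
from collections import OrderedDict

# Opcodes that push a text string onto the unpickler stack.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING",
                  "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
MEMO_GET_OPCODES = {"GET", "BINGET", "LONG_BINGET"}
MEMO_PUT_OPCODES = {"PUT", "BINPUT", "LONG_BINPUT"}

# Assumed allowlist for a hypothetical checkpoint format: the only importable
# names a legitimate file from this pipeline is expected to reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Statically list every (module, name) the stream would import on load.

    pickletools.genops disassembles the stream without executing it.
    GLOBAL (protocols 0-3) carries "module name" as a single argument;
    STACK_GLOBAL (protocol 4+) consumes the two strings pushed just before it,
    which may have been fetched back from the memo rather than pushed literally.
    """
    refs: list[tuple[str, str]] = []
    strings: list = []   # strings pushed so far, in order (partial stack model)
    memo: dict = {}      # memo slot -> last string pushed when the slot was written
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            refs.append((module, attr))
        elif name == "STACK_GLOBAL":
            if len(strings) >= 2:
                refs.append((strings[-2], strings[-1]))
            else:
                # Fail closed: an import we cannot resolve is still an import.
                refs.append(("<unresolved>", "<unresolved>"))
        elif name in STRING_OPCODES:
            strings.append(arg)
        elif name == "MEMOIZE":
            memo[len(memo)] = strings[-1] if strings else None
        elif name in MEMO_PUT_OPCODES:
            memo[arg] = strings[-1] if strings else None
        elif name in MEMO_GET_OPCODES and isinstance(memo.get(arg), str):
            strings.append(memo[arg])
    return refs


def assess_pickle(data: bytes, allowed=ALLOWED_GLOBALS) -> dict:
    """Report every import the stream makes and whether all are allowlisted.

    REDUCE opcodes appear in perfectly ordinary pickles (OrderedDict uses one),
    so the decision rests on *what* gets imported, not on the presence of calls.
    """
    refs = referenced_globals(data)
    unexpected = sorted(set(refs) - set(allowed))
    return {"globals": refs, "unexpected": unexpected, "safe_to_load": not unexpected}


# Constructed sample 1: a checkpoint-like dict that only references collections.OrderedDict.
BENIGN_MODEL = pickle.dumps(
    {"weights": [0.5, -1.25], "layers": OrderedDict(conv1=3)}, protocol=4)


class _ReduceStandIn:
    """Constructed sample 2: an object whose __reduce__ makes the unpickler call a
    function of the file author's choosing. shutil.which is a harmless stand-in;
    the scanner flags the import of a module outside the allowlist, not the call."""

    def __reduce__(self):
        return (shutil.which, ("python",))


SUSPECT_MODEL_V4 = pickle.dumps(_ReduceStandIn(), protocol=4)   # STACK_GLOBAL form
SUSPECT_MODEL_V2 = pickle.dumps(_ReduceStandIn(), protocol=2)   # GLOBAL form

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_MODEL),
                        ("suspect-v4", SUSPECT_MODEL_V4),
                        ("suspect-v2", SUSPECT_MODEL_V2)]:
        print(label, assess_pickle(blob))
```

The scan is a gate, not a guarantee: it tells you which imports a file would perform, and an allowlist tuned to your own checkpoint format turns that into a load/reject decision. Framework checkpoints are often containers (for example a zip archive holding the pickle as one member), so the stream has to be extracted before it is passed to `assess_pickle`; and formats that never execute code on load remove this class of risk entirely, which is the stronger mitigation where a pipeline can adopt them.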
Read More: https://thecyberexpress.com/malicious-open-source-software-packages/