Over 1,000 Malicious Packages Exploiting Open-Source Platforms Discovered

97/68 Wednesday, March 12, 2025

FortiGuard Labs of Fortinet has reported the discovery of over 1,000 malicious software packages that employ techniques to conceal harmful code within small files, deploying hidden scripts without user awareness. The report highlights emerging cybercriminal attack trends and methods, which could impact both organizations and individual users lacking robust security measures.

Analysis reveals that these malware packages employ various evasion tactics, such as embedding malicious code within minimal files, executing suspicious scripts automatically, omitting source URLs to hinder traceability, and using suspicious APIs to connect to command-and-control (C2) servers. Additionally, some packages feature empty descriptions, while others use unusually high version numbers to bypass detection mechanisms.

Researchers have also identified malware leveraging Python and Node.js packages to steal information. Python-based threats are used to collect system data and transmit it to remote servers, while Node.js malware exfiltrates data via Discord webhooks. Some JavaScript-based packages install backdoors, allowing hackers to access systems undetected.

The report underscores the evolving nature of these attack strategies, urging organizations and individuals to enhance their cybersecurity defenses. Recommended measures include regular system updates, the use of advanced threat analysis tools, and cybersecurity awareness training to prevent falling victim to increasingly sophisticated cyber threats.
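As an added illustration (not code from the FortiGuard Labs report or from Fortinet), the following Python example checks an npm package.json manifest for several of the indicators described above: automatically executed install scripts, a missing source URL, an empty description, an unusually high version number, and a Discord webhook URL in a script. The version threshold, the function name and the sample manifests are assumptions made for this example.

```python
import json
import re

# npm lifecycle hooks that run automatically during `npm install`.
AUTO_RUN_HOOKS = ("preinstall", "install", "postinstall")
# Assumed threshold: the report gives no number for "unusually high".
MAX_PLAUSIBLE_MAJOR = 99
WEBHOOK_RE = re.compile(r"discord(?:app)?\.com/api/webhooks/", re.I)


def audit_manifest(manifest: dict) -> list[str]:
    """Return the indicator names that a package.json manifest trips."""
    findings = []
    scripts = manifest.get("scripts") or {}
    hooks = [h for h in AUTO_RUN_HOOKS if str(scripts.get(h, "")).strip()]
    if hooks:
        findings.append("auto-run-script:" + ",".join(hooks))
    if any(WEBHOOK_RE.search(str(cmd)) for cmd in scripts.values()):
        findings.append("discord-webhook-in-script")
    if not manifest.get("repository"):
        findings.append("no-source-url")
    if not str(manifest.get("description") or "").strip():
        findings.append("empty-description")
    major = re.match(r"\d+", str(manifest.get("version", "")))
    if major and int(major.group()) >= MAX_PLAUSIBLE_MAJOR:
        findings.append("high-version")
    return findings


# Constructed sample manifests (not taken from the report).
SUSPECT = json.loads("""{
  "name": "example-suspect-pkg", "version": "999.0.1", "description": "",
  "scripts": {"postinstall": "node index.js"}
}""")
BENIGN = json.loads("""{
  "name": "example-benign-pkg", "version": "2.4.1",
  "description": "Date formatting helpers",
  "repository": {"type": "git", "url": "https://example.com/org/repo.git"},
  "scripts": {"test": "node test.js"}
}""")

if __name__ == "__main__":
    for pkg in (SUSPECT, BENIGN):
        print(pkg["name"], audit_manifest(pkg) or "no indicators")
```

Legitimate packages trip some of these signals individually (many ship a postinstall step), so the findings are best used to prioritise manual review of a dependency rather than to block it outright.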

Source: https://hackread.com/malicious-packages-exploiting-open-source-platforms/