Security researchers have reportedly discovered malicious packages on the npm and PyPI open source repositories. According to the researchers, the packages could cause serious issues for developers who unknowingly download them from those platforms. Security firm Sonatype stated that it identified 691 malicious npm packages and 49 malicious PyPI components. The packages contain crypto miners, remote access Trojans (RATs), and more.
The discoveries are the latest in a series of identifications, bringing Sonatype’s total to roughly 107,000 packages flagged as suspicious or malicious since 2019. Sonatype also states that it identified new Python malware in the open source repositories that combines the capabilities of a RAT and an information stealer.
Read More: Researchers Uncover 700+ Malicious Open Source Packages