Sonatype has released its Open-Source Malware Index for Q1 2026, and the findings reveal a sharp rise in attacks targeting trusted developer ecosystems. The report highlights how threat actors increasingly exploit widely used software packages, thereby turning trust into a primary attack vector.
To begin with, researchers identified 21,764 malicious open-source packages during the quarter. At the same time, they successfully blocked 136,107 malware attacks. As a result, the cumulative number of malicious packages recorded since 2017 has now reached 1,346,867. This steady growth underscores the persistence and evolution of supply chain threats.
Moreover, the report shows that attackers heavily focused on the npm ecosystem, which alone accounted for 75% of all malicious packages. Trojan-based malware dominated the landscape, followed by brandjacking and hijacking techniques. These campaigns primarily aimed to steal credentials, collect system data, and deploy additional payloads.
In addition, the data reveals that 22% of malware packages exfiltrated sensitive information, while 19% specifically targeted secrets. Notably, attackers relied less on sophisticated techniques and instead abused trust by using believable package names, legitimate release workflows, and familiar development processes. Consequently, malicious code easily infiltrated development environments and CI/CD pipelines.
Trust Abuse and Attack Patterns
Furthermore, researchers observed that attackers introduced a new malicious package every six minutes on average. JavaScript ecosystems remained a preferred target due to their direct access to developers and automated build systems at scale.
Importantly, the report emphasizes that the real danger lies not just in malicious code itself, but in how it enters systems through seemingly legitimate channels. Attackers repeatedly leveraged default trust rather than advanced exploits, making detection more challenging.
Key Incidents Highlighted
The report outlines three major incidents that demonstrate this trend.
First, SANDWORM_MODE involved typosquatted npm packages designed to steal developer data. These packages extracted npm and GitHub tokens, API credentials, cryptographic keys, and environment variables. Additionally, they included code to spread across repositories and even interact with local AI tools like Ollama, suggesting early experimentation with self-modifying malware.
Next, the compromise involving Trivy and LiteLLM showcased a more advanced attack chain. A tampered version of the Trivy security scanner enabled the insertion of malicious code into LiteLLM. Specifically, compromised PyPI versions (1.82.7 and 1.82.8) included obfuscated credential stealers targeting cloud secrets, SSH keys, Kubernetes tokens, and CI/CD configurations. The malware also established persistence using sysmon.py.
Finally, the axios attack demonstrated how minor changes can have widespread consequences. Attackers hijacked an npm publishing account and released infected versions with a hidden dependency. This dependency executed a secondary payload using npm’s postinstall hook. Researchers identified behavior consistent with a remote access trojan across macOS, Windows, and Linux systems.
Developer Response and Security Implications
Given these findings, the report strongly advises development teams to thoroughly inspect both direct and indirect dependencies before deployment. Furthermore, organizations should treat development and CI environments as high-value targets, since attackers consistently seek sensitive credentials and secrets.
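One way to start that inspection for npm projects, given that the axios incident ran its payload through a hidden dependency's postinstall hook: the sketch below (an added example, not code from Sonatype's report) lists every locked package flagged with `hasInstallScript`, marks it as direct or indirect, and separates out the ones nobody has reviewed. The sample lockfile, the package names and the allowlist policy are constructed for illustration.

```javascript
// Constructed sample shaped like an npm package-lock.json (lockfileVersion 3).
// All package names and versions are invented for this example.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "http-client-demo": "^1.0.0", "native-addon-demo": "^2.0.0" } },
    "node_modules/http-client-demo": { version: "1.0.1", dependencies: { "helper-demo": "^0.1.0" } },
    "node_modules/helper-demo": { version: "0.1.0", hasInstallScript: true },
    "node_modules/native-addon-demo": { version: "2.3.0", hasInstallScript: true },
    "node_modules/http-client-demo/node_modules/@demo/nested": { version: "3.0.0", hasInstallScript: true },
  },
};

const MARKER = "node_modules/";

// List every locked package that npm would run install-time scripts for.
// allowlist holds reviewed "name@version" strings (hypothetical team policy).
function auditInstallScripts(lock, allowlist = []) {
  if (!lock || typeof lock.packages !== "object") {
    throw new Error("expected a lockfileVersion 2 or 3 file with a 'packages' map");
  }
  const root = lock.packages[""] || {};
  const direct = new Set(
    ["dependencies", "devDependencies", "optionalDependencies"]
      .flatMap((field) => Object.keys(root[field] || {}))
  );
  const allowed = new Set(allowlist);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders and packages without scripts.
    if (!path.includes(MARKER) || !meta.hasInstallScript) continue;
    const last = path.lastIndexOf(MARKER);
    const name = path.slice(last + MARKER.length); // keeps "@scope/name" intact
    const topLevel = last === 0; // nested copies are never direct dependencies
    findings.push({
      name,
      version: meta.version,
      path,
      direct: topLevel && direct.has(name),
      allowed: allowed.has(`${name}@${meta.version}`),
    });
  }
  return findings;
}

// Entries a CI gate should stop on: install scripts nobody has reviewed.
function unreviewed(findings) {
  return findings.filter((f) => !f.allowed);
}
```

In a pipeline, pass the parsed `package-lock.json` to `auditInstallScripts` and fail the build when `unreviewed` returns anything; installing with `npm ci --ignore-scripts` keeps the hooks from running while the list is reviewed.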
Equally important, simply removing malicious packages is not enough. In incidents like LiteLLM and axios, teams must assume credential compromise, rotate secrets immediately, and conduct full environment reviews.
Additionally, release workflows now form a critical part of the attack surface. Maintainer accounts, publishing pipelines, and automation processes require stricter security controls. Attackers no longer depend on suspicious packages; instead, they exploit trusted update mechanisms.
The data for this report comes from extensive package consumption insights, including over 1.5 trillion requests from Maven Central and thousands of open-source projects.
Ultimately, Sonatype concludes that the most effective attacks succeed by blending in. As the report states, attackers succeed by “hiding behind trusted packages, trusted release paths, and trusted workflows to steal secrets, access sensitive data, and compromise entire organisations”.


