
Sonatype Battles Malicious Packages, Protects Software Supply Chain

Sonatype's automated systems are on guard against typosquatting malware. Recent threats targeted Python developers using AIOHTTP, but Sonatype's vigilance ensures software supply chain security.

[Image: a worm on a leaf]

Sonatype, a leading provider of software supply chain security, has recently discovered and mitigated several malicious packages targeting different software ecosystems. Its automated malware detection technology, Sonatype Repository Firewall, continues to safeguard users from such threats.

Sonatype has reported numerous malicious packages, including '@core-pas/cyb-core' for JavaScript, which attempts to steal sensitive data from users' systems. The creators of this package, as well as others like 'flame-vali' for npm and recently discovered malicious PyPI packages, remain unknown.

The threat of typosquatting malware persists: more packages whose names imitate legitimate libraries keep being published to PyPI. Python developers using AIOHTTP have been repeatedly targeted by malicious packages attempting to compromise their systems.

Sonatype's Repository Firewall instances automatically quarantine suspicious components while a manual review is in progress. This proactive measure ensures that users remain protected from potential infections. In one such instance, the 'flame-vali' package, assigned sonatype-2022-3346 in Sonatype's security research data, was caught and neutralized by Sonatype's automated malware protection systems. This package attempted to disable Windows Defender, leaving systems vulnerable to further attacks.
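The two passages above describe lookalike names imitating aiohttp on PyPI and the value of holding a suspicious component before it is installed. As an added example that is not Sonatype's code or the Repository Firewall, here is a small pre-install check a team could run over a requirements file: it flags dependency names that are a short edit away from a well-known package while letting the exact package through. The allow-list and the sample requirements are constructed for the example.

```python
import re

# Constructed allow-list of well-known names (assumption: a real deployment loads the team's approved list).
KNOWN_PACKAGES = {"aiohttp", "requests", "numpy", "urllib3"}

def normalize(name):
    """PEP 503 normalisation: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def requirement_name(line):
    """Project name from one requirements.txt line; None for blanks, comments and options."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return m.group(0) if m else None

def find_typosquat_candidates(requirements, known=KNOWN_PACKAGES, max_distance=2):
    """Return (requested, lookalike, distance) for names near, but not equal to, a known package."""
    hits = []
    for raw in requirements.splitlines():
        name = requirement_name(raw)
        if name is None:
            continue
        norm = normalize(name)
        if norm in known:
            continue  # exact match: the legitimate package itself
        best = min(known, key=lambda good: edit_distance(norm, good))
        d = edit_distance(norm, best)
        if d <= max_distance:
            hits.append((name, best, d))  # hold for review before install
    return hits

# Constructed sample requirements: one legitimate aiohttp pin, one lookalike name.
SAMPLE_REQUIREMENTS = """\
aiohttp==3.9.0
aiohtpp>=1.0   # constructed lookalike, one keystroke from aiohttp
requests
--index-url https://example.invalid/simple
"""
```

Running `find_typosquat_candidates(SAMPLE_REQUIREMENTS)` returns only the lookalike, so a CI step can fail the build or route that name to manual review rather than installing it.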

Sonatype's vigilance in detecting and mitigating malicious packages ensures the security of software supply chains. With its automated malware protection technology and proactive quarantine measures, Sonatype continues to protect users from evolving threats in the software ecosystem.
