ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

Open Source Malware Surges 140% in Q3 as Attackers Target Data and Trusted Dependencies

By: via GlobeNewswire

Fulton, Md., Oct. 15, 2025 (GLOBE NEWSWIRE) -- Sonatype®, the leader in AI-centric DevSecOps, today released the Open Source Malware Index, Q3 2025, which analyzed 34,319 open source malware packages discovered by Sonatype across major open source registries including npm, PyPI, Hugging Face, and more. This quarter’s count brings the total number of malicious packages Sonatype has discovered to 877,522 since 2019. 

“The era of noisy, opportunistic malware is over. Attackers are patient, organized, and increasingly using AI to embed themselves inside the very tools developers rely on,” said Brian Fox, CTO and Co-founder of Sonatype. “They’re hiding malicious payloads in plain sight, turning trusted open source dependencies into delivery mechanisms for data theft and persistence. Defenders need to match that sophistication with AI-driven visibility and proactive controls that stop threats before they ever reach a developer’s environment.”

npm Supply Chain Attacks Expose New Frontlines

A series of npm attacks illustrate a dangerous escalation: attackers are no longer just inserting malicious code into the ecosystem — they’re turning the supply chain itself into a weapon. The chalk and debug package hijack campaign, which impacted components that see more than 2 billion weekly downloads, demonstrated how attackers can subvert legitimate projects to distribute malware at scale. Meanwhile, the unprecedented Shai-Hulud campaign exhibited worm-like behavior that allowed malicious code to self-propagate across repositories, exfiltrate credentials, and publish new compromised packages. 

Data Becomes the Ultimate Target

In Q3, data exfiltration malware accounted for 37% of all malicious open source packages detected, underscoring what previous quarters have shown: there is a growing trend toward intelligence-gathering, espionage, and monetization of stolen data. Adversaries are targeting developer credentials, access tokens, and proprietary information, transforming open source ecosystems into rich hunting grounds for data-driven exploitation.

Multi-Stage and Stealth-First Attacks Reveal New Standard for Sophistication

Droppers, which act as lightweight delivery mechanisms that install secondary payloads such as backdoors or info-stealers, skyrocketed in Q3, making up nearly 38% of all threats, while backdoor-laden packages grew 143% quarter-over-quarter. This indicates a strategic evolution in that adversaries are increasingly building multi-stage malware that installs, hides, and maintains long-term access, posing as benign dependencies. 

The Commoditization and Decline of Low-Effort Malware

Once a dominant category, cryptominers accounted for just 4% of malicious packages in Q3, down from 6% last quarter. This decline reflects the commoditization of simple malware — attackers no longer find value in easily detectable, one-dimensional exploits. Instead, they’re investing in stealth, persistence, and long-term financial return. 

Sonatype Security Research leads the industry in open source malware threat research, tracking malicious open source since 2019. Repository Firewall is the industry’s only solution designed to block malicious open source components and AI models before they attack developers through AI-powered behavioral analytics and automated policy enforcement. Backed by Sonatype’s industry-leading security research team, Sonatype Repository Firewall helped customers prevent 110,370 open source malware attacks in Q3 of this year, with 47% of those attacks facing financial services organizations. 

For more details and access to the latest Open Source Malware Index data, visit https://www.sonatype.com/blog/open-source-malware-index-q3-2025

About Sonatype 

Sonatype is the leader in AI-centric DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.


Megan Schmidt
Sonatype
megan.schmidt@sonatype.com

Recent Quotes

View More
Symbol Price Change (%)
AMZN  229.67
+3.39 (1.50%)
AAPL  276.97
+1.05 (0.38%)
AMD  206.13
-8.92 (-4.15%)
BAC  52.48
+0.55 (1.06%)
GOOG  323.64
+5.17 (1.62%)
META  636.22
+23.17 (3.78%)
MSFT  476.99
+2.99 (0.63%)
NVDA  177.82
-4.73 (-2.59%)
ORCL  197.03
-3.25 (-1.62%)
TSLA  419.40
+1.62 (0.39%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.
© 2025 FinancialContent. All rights reserved.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.