Sonatype® has released the Open Source Malware Index, Q3 2025, identifying 34,319 open source malware packages and bringing the total discovered since 2019 to 877,522. Attackers are using AI to embed malware in trusted open source tools, emphasizing the need for AI-driven security controls to stop threats before they reach developers.
npm supply chain attacks are escalating, with attackers weaponizing the supply chain itself to distribute malware at scale. The chalk and debug package hijack campaign impacted components with over 2 billion weekly downloads, while the Shai-Hulud campaign exhibited worm-like behavior to propagate malicious code across repositories.
Data exfiltration malware accounted for 37% of all malicious open source packages in Q3, showing a trend towards intelligence-gathering, espionage, and monetization of stolen data. Adversaries target developer credentials, access tokens, and proprietary information in open source ecosystems.
Q3 saw a surge in droppers and backdoor-laden packages, indicating a shift towards multi-stage malware that installs, hides, and maintains long-term access. Cryptominers declined to just 4% of malicious packages, reflecting attackers’ focus on stealth, persistence, and long-term financial gain.
Sonatype’s Repository Firewall prevents open source malware attacks through AI-powered behavioral analytics and automated policy enforcement. In Q3, it helped customers prevent 110,370 attacks, with 47% targeting financial services organizations. Sonatype is the leader in AI-centric DevSecOps, providing intelligence and automated governance for secure, modern software development.
Read more at GlobeNewswire: Open Source Malware Surges 140% in Q3 as Attackers Target
