5000+ Malicious Packages Found In The Wild To Compromise Windows Systems

These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data theft, unauthorized access, and complete system compromise. Similarly, malicious Node.js packages like seller-admin-common_6.5.8 and seller-rn-mng-lib_6.5.8 contain code that harvests sensitive information including internal and external IP addresses, DNS servers, and user details, bundling this data into JSON objects before transmitting it to attackers via Discord webhooks. These malicious packages pose substantial threats to Windows systems, with capabilities ranging from keylogging and data exfiltration to establishing backdoors and executing remote commands. FortiGuard Labs recommends that developers install packages only from trusted sources, review package content before installation, use isolated virtual environments, employ security scanning tools, and maintain up-to-date dependencies. Another 1,052 packages contained suspicious install scripts designed to silently deploy malicious code during the installation process, often modifying standard procedures to execute harmful actions without user awareness. Further analysis by Fortinet researchers revealed 681 packages utilizing suspicious APIs, including commands such as https.get and https.request, primarily used to exfiltrate sensitive data or establish remote control capabilities. The analysis reveals a disturbing trend in the evolution of cyber threats, with attackers continuously refining their methods to bypass security protocols and infiltrate systems undetected. Packages such as AffineQuant-99.6, amzn-aws-glue-ml-libs-python-6.1.5, and amzn-awsglue-6.1.4 were found to gather MAC addresses, hostnames, usernames, and directory information before transmitting this data to attacker-controlled servers. FortiGuard Labs has recently uncovered more than 5,000 malicious software packages designed to compromise Windows systems. The study also identified 537 packages with empty descriptions, a technique that further obscures malicious intent, and 164 packages with unusually high version numbers, used to mislead users into trusting outdated or potentially harmful software. One particularly concerning attack vector involves Python packages that exploit the setup.py file to silently collect system information. The code not only logs keystrokes but also establishes a backdoor with elevated privileges, providing attackers complete system control while collecting operating system details, installed applications, and network configurations. Additionally, 1,043 packages lacked repository URLs, raising significant concerns about their legitimacy and traceability, while 974 packages included suspicious URLs that potentially facilitate communication with command-and-control servers. The investigation identified 1,082 packages with low file counts, a tactic employed to minimize detection footprint while maximizing damage potential. The script employs different system commands depending on the operating system (getmac for Windows, ifconfig for Linux/macOS) and encodes the stolen information using base64 before exfiltration.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 11:50:07 +0000


Cyber News related to 5000+ Malicious Packages Found In The Wild To Compromise Windows Systems

5000+ Malicious Packages Found In The Wild To Compromise Windows Systems - These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data theft, unauthorized access, and complete system compromise. Similarly, ...
1 month ago Cybersecuritynews.com
Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
10 months ago Securitylabs.datadoghq.com
3 PYPI Packages Caught Spreading Malware - Recent reports have highlighted the malicious spreading of malware via 3 specific Python Package Index (PyPI) packages. These 3 packages were identified and reported by Sonatype, a software supply chain security firm. ...
2 years ago Securityaffairs.com
Misconfiguration and vulnerabilities biggest risks in cloud security: Report - The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed ...
2 years ago Csoonline.com Hunters
116 Malicious PyPI Packages Downloaded Over 10,000 Times - A cluster of malicious Python projects has been identified in PyPI, the official Python PyPI package repository, which targets both Windows and Linux systems and often deploys a custom backdoor. In certain instances, the ultimate payload consists of ...
1 year ago Cybersecuritynews.com
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices - Affected platforms: LinuxAffected parties: Linux users that have these malicious packages installedImpact: Latency in device performanceSeverity level: High. On December 5th, 2023, FortiGuard's AI-driven OSS malware detection system identified three ...
1 year ago Feeds.fortinet.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
New Typosquatting and Repojacking Tactics Uncovered on PyPI - Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories. This trend encompasses a wide array of malicious activities, including hosting command-and-control ...
1 year ago Infosecurity-magazine.com
Malicious NPM, PyPI Packages Stealing User Information - Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors ...
2 years ago Securityweek.com
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Malicious Python Packages Attacking Popular Cryptocurrency Library To Steal Sensitive Data - These packages, identified as bitcoinlibdbfix and bitcoinlib-dev, masquerade as legitimate fixes for the cryptocurrency library while containing code designed to exfiltrate sensitive database files containing valuable crypto wallet information. The ...
5 days ago Cybersecuritynews.com
Malicious NPM Packages Targeting PayPal Users to Steal Sensitive Data - FortiGuard Labs, Fortinet’s AI-driven threat intelligence arm, has uncovered a series of malicious NPM packages designed to steal sensitive information from developers and target PayPal users. Detected between March 5 and March 14, 2025, these ...
21 hours ago Cybersecuritynews.com
Lazarus Adds New Malicious npm Packages with Hexadecimal Encoding - These packages, part of the broader Contagious Interview operation, are designed to evade automated detection systems and manual code audits, marking a significant evolution in the group’s approach to cyber espionage and financial theft. The ...
5 days ago Cybersecuritynews.com Lazarus Group
'everything' blocks devs from removing their own npm packages - Since these 3,000+ packages manage to include every single npm package on the npmjs.com registry as their dependency, npm package authors who have ever published to the npm registry would now be unable to remove their packages at will, because of ...
1 year ago Bleepingcomputer.com
Lazarus Hackers Weaponized 6 npm Packages To Steal Logins - The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. A sophisticated supply chain attack orchestrated by the notorious ...
1 month ago Cybersecuritynews.com Lazarus Group
Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters | Imperva - In recent research on compromised and malicious PyPI packages, Imperva Threat Research has identified an ongoing malware campaign specifically targeting Roblox hackers. Over time, vast communities have assembled on various platforms such as Reddit, ...
6 months ago Imperva.com
DPython's Poisoned Package: Another 'Blank Grabber' Malware in PyPI - Python Package Index is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform's repository aimed at delivering malware to steal the ...
1 year ago Imperva.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
10 months ago Securelist.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
7 Weaponized Go Packages Attacking Linux & macOS To Install Hidden Malware Loader - Security researchers have uncovered an ongoing malicious campaign targeting the Go ecosystem with seven typosquatted packages designed to install hidden loader malware on Linux and macOS systems. Security researchers recommend using tools like ...
1 month ago Cybersecuritynews.com
North Korean Lazarus hackers infect hundreds via npm packages - The packages contain malicious code designed to steal sensitive information, such as cryptocurrency wallets and browser data that contains stored passwords, cookies, and browsing history. The packages, which have been downloaded 330 times, are ...
1 month ago Bleepingcomputer.com
New Supply Chain Attack Leveraging Python Package Index Targeting Wacatac Trojan - A new supply chain attack has recently been detected targeting Python Package Index (PyPI) users with the Wacatac Trojan. This attack is seen as the latest in a series of advanced persistent threats (APT) targeting the escalating use of Python in ...
2 years ago Securityweek.com
New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload - These packages act as downloaders, injecting malicious code into locally installed versions of the legitimate ethers package, ultimately creating a reverse shell on the victim’s machine. The threat actor may have been attempting to ...
2 weeks ago Cybersecuritynews.com
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data - A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital ...
6 months ago Thehackernews.com

Latest Cyber News


Cyber Trends (last 7 days)