Xygeni Malicious Code Digest 5: Over 15 packages discovered

This week, we confirmed over 15 packages flagged as malicious among the thousands of analyzed new packages and updates published in the open-source package registries. 

In the latest Xygeni Malicious Code Digest, we have highlighted over 15 malicious packages that infiltrated the most common registries. This breach reveals a significant vulnerability within the software supply chain ecosystem.

Total of Malicious NPM Packages Detected

🚨 (npm) financialforce:3.0.0

🚨 (npm) grammarly-desktop:10.5.1

🚨 (npm) gravityforms:2.5.10

🚨 (npm) lls-lowcode-utils:2.3.1

🚨 (npm) lls-lowcode-utils:4.3.5

🚨 (npm) realtimeboard:11.1.1

🚨 (npm) brand-adidas-asset-fonts:3.0.1

🚨 (npm) brand-adidas-design-tokens:11.0.1

🚨 (npm) delaware:1.0.1

🚨 (npm) mistica:1.0.9

🚨 (npm) sellsy-kering-app:1.0.0

🚨 (npm) tcm-app-migration-miles-react:1.0.5

🚨 (npm) theme-name:1.0.0

🚨 (npm) wp-delivery-hero-core-v2:2.2.0

🚨 (pypi) blypack:0.300 [Music]

Protect Your Application against Malicious Open Source Dependencies 

Xygeni Early Malicious Code Detection supports you by automatically analyzing any new or updated open-source package. We notify you as soon as we detect any suspicious evidence of malware and add the dependency to a blacklist, so you can halt the automatic build or delivery of your application before any risk of infection.

With Early Detection and Early Warning mechanisms, Xygeni ensures the security and integrity of your applications.
