Welcome to the latest edition of the Xygeni Malicious Code Digest (Monthly Edition)! Over the past few weeks, our teams have been hard at work identifying and blocking emerging threats to safeguard the integrity of our customers’ software ecosystems. These findings highlight the persistent vulnerabilities within open-source component registries and emphasize the necessity of proactive detection and mitigation strategies.
In April 2025, we analyzed and reported over 60 malicious packages spreading across multiple registries, marking a significant increase compared to previous months. The threats identified range from data exfiltration and typosquatting to dependency confusion attacks, underscoring the evolving tactics used by threat actors.
Week 3: Over 15 Packages Discovered
Key Findings:
NPM Packages:
- (npm) besec:1.0.0
- (npm) cerberus-management-dashboard:1.0.0
- (npm) gcp-alert-service:1.0.0
- (npm) jcp-benchmarking:1.0.0
- (npm) oauth-web-flow:1.1.0
- (npm) orderly-js-sdk-remix-template:1.0.0
- (npm) studocu-extension-pack:1.0.0
- (npm) vault-action:2.0.2
- (npm) vault-action:2.0.3
- (npm) vault-action:2.0.4
- (npm) voice-quickstart-server-node:1.1.0
- (npm) @joshcyber123/frontend-logger:1.0.1
- (npm) pp-admin-commons:9.9.92
- (npm) test-kaks3c:10.0.4
Week 2: Over 15 Packages Discovered
Key Findings:
NPM Packages:
- (npm) toloka-tb:99.0.0
- (npm) sprocket-webapp-poc10:99.99.99
- (npm) internallib_v921:1.0.3
- (npm) discord.js-selfbot-13:3.6.1
- (npm) cxo-storyboard:99.0.5
- (npm) cxo-storyboard:99.0.4
- (npm) camel-website:1.0.0
- (npm) vault-action:2.0.4
- (npm) vault-action:2.0.3
- (npm) vault-action:2.0.2
- (npm) studocu-extension-pack:1.0.0
- (npm) jcp-benchmarking:1.0.0
- (npm) gcp-alert-service:1.0.0
- (npm) cerberus-management-dashboard:1.0.0
- (npm) awetztest:99.9.10
- (npm) aspose:9.9.9
Week 1: Over 30 Packages Discovered
Key Findings:
NPM Packages
- eqbank:1.0.0
- sdk-coin-btg:1.0.0
- sdk-coin-celo:1.0.0
- sdk-coin-cspr:1.0.0
- sdk-coin-dot:1.0.0
- sdk-coin-dot:2.0.0
- sdk-coin-eos:1.0.0
- sdk-coin-eos:2.0.0
- sdk-coin-etc:1.0.0
- sdk-coin-etc:2.0.0
- sdk-coin-eth2:1.0.0
- sdk-coin-eth:1.0.0
- sdk-coin-ethw:1.0.0
- sdk-coin-ltc:1.0.0
- sdk-coin-near:1.0.0
- sdk-coin-polygon:1.0.0
- startpeople-website:1.0.0
- bespoke-es:1.0.0
- careers.klaviyo.com:1.0.0
- dhruva_dashboard:1.0.0
- juvare:1.0.0
- next-campaign:1.0.0
- nextmvc3primary:1.0.0
- packageblueimp-file-upload:9.22.0
- regiepult:1.0.0
- rent4business-mcp-server:1.0.0
- rent4business-mcp-server:1.0.1
- ria-learninghub:1.0.1
- social-mask-live-chat-sdk:1.0.34
- social-mask-live-chat-sdk:1.0.37
- sony-liv-smarttv:1.0.0
- sticos.oppslag.web:1.0.0
- talsec-react-native-security-plugin:1.1.1
- web-commerce-hook:1.0.0
- wynn-and-encore:1.0.0
- yuntianznxx-yoyo:1.0.1
Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code
Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.
Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.
