Malicious Code Digest Monthly Recap: July 2024 Edition

Welcome to the latest edition of the Xygeni Malicious Code Digest (Monthly edition), where our security researchers bring you the latest discoveries of malicious packages in software registries.

This month, our teams have been hard at work identifying and blocking threats to ensure the security of our customers’ software supply chain. Over the past few weeks, we uncovered and reported a significant number of malicious packages infiltrating various open-source component registries. These findings highlight the ongoing vulnerabilities and the critical need for robust security measures.

In July 2024, we confirmed a total of over 80 malicious packages across multiple registries. This includes a range of threats from data exfiltration and typosquatting to dependency confusion attacks. Here’s a detailed breakdown of our findings throughout the month:

Week 4: Over 35 Packages Discovered

Key Findings:

NPM Package:
- @celigo/fuse-ui:9.7.7
- appds-nodejs-utils:0.2.0
- chromestatus-openapi:69.69.69
- fireauth.args:69.69.69
- fireauth.args:70.69.69
- fireauth.args:71.69.69
- fe-bootstrap:71.69.69
- thefisherp:9.9.9
- fitbit-widget-dropdown:69.69.69
- fitbit-widget-dropdown:70.69.69
- generalytics:7.0.0
- generalytics:7.0.1
- infowrap-filepicker:1.0.7
- inline-icons:71.69.69
- invapp-biometric:0.31.1
- invapp-core:0.31.1
- jqtools-overlay:69.69.69
- jqtools-overlay:70.69.69
- jqtools-toolbox-expose:69.69.69
- jqtools-toolbox-expose:70.69.69
- next-react-notify:1.0.0
- oj-odcs-common:3.3.0
- oj-odcs-common:9.9.9
- sfly-mobile-cart:1.0.0
- siilobv:12.12.12
- toolbox-v2:70.69.69
- ui-datepicker-week-end:1.0.0
Pypi Packages:
- gentorqkkh:0.1
- pybanners:0.0.1
- pybanners:0.0.2
- pybanners:0.0.3
- pybanners:0.0.4
- testjsonn1:0.1
- testjsonn1:0.3
- testjsonn1:0.4

Week 3: Over 20 Packages Discovered

Key Findings:

NPM Packages:
- @mariott/mi-headless-utils:1.0.0
- always-target:1.0.0
- etp-config-store:200.0.1
- express-jwt-v6:6.0.5
- express-jwt-v7:7.7.9
- fe-bootstrap:69.69.69
- halifax:99.9.10
- incendiumrocks:1.0.0
- jquery-ui-dialog:0.0.0
- mock_simple_module:1.0.2
- mock_simple_module_relative:1.0.1
- mmp-test-utils:9.9.9
- next-shuffle-token:1.0.0
- personal-profile-common:9.9.9
- react-notify-shuffle:1.0.0
- react-table-flex:1.0.0
- react-use-notify:1.0.0
- redmond:99.9.10
- testalonimaurice:9.9.9
- thefisheridx:0.0.1
- usaa-a11y-test:9.9.9

Week 2: Over 10 Packages Discovered

Key Findings:

NPM Packages:
- aroly-test:1.0.10
- bkdevportal:1.0.0
- branch-deploy-action:2.1.1
- inline-icons:69.69.70
- job-specs:1.0.0
- job-specs:1.0.2
- lib-automotive-call-cdm:1.12.1
- mva10-angular:8.2.0
- react-devtools-fusebox:2.1.1
- routesmap:69.69.69
- searchwp-live-ajax-search:2.0.0
- toolbox-v2:69.69.69
- two-column-image-text-grid:69.69.69
- website-next:0.1.0

Week 1: Over 10 Packages Discovered

Key Findings:

NPM Packages:
- addcriteria:69.69.69
- always-target:1.0.0
- bageth:1.0.0
- bluefin-exchange-contracts-evm:2.2.0
- cra-docs:7.999.52
- demo-51200:1.0.0
- kiln-desktop:2.2.0
- node-red-contrib-libraries:0.0.1
- node-red-contrib-reverse-shell:0.0.1
- node-red-contrib-reverse-shell:0.0.2
- orderly-omnichain-occ:1.0.0
- prpc-client-instance.js:69.69.69
- react-release-script:1.9.9

Malicious Code Digest Monthly Recap: July 2024 Edition

Table of Contents

Latest posts of interest

Week 4: Over 35 Packages Discovered

Week 3: Over 20 Packages Discovered

Week 2: Over 10 Packages Discovered

Week 1: Over 10 Packages Discovered

Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code

Secure your Software Development and Delivery

with Xygeni Product Suite

Products

Resources

Company

Legal