malicious-code-digest

Malicious Code Digest Monthly Recap: September

Welcome to the latest edition of the Xygeni Malicious Code Digest (Monthly edition), where our security researchers bring you the latest discoveries of malicious packages in software registries.

This month, our teams have been hard at work identifying and blocking threats to ensure the security of our customers’ software supply chain. Over the past few weeks, we uncovered and reported a significant number of malicious packages infiltrating various open-source component registries. These findings highlight the ongoing vulnerabilities and the critical need for robust security measures.

In September 2024, we confirmed a total of over 170 malicious packages across multiple registries. This includes a range of threats from data exfiltration and typosquatting to dependency confusion attacks. Here’s a detailed breakdown of our findings throughout the month:

Week 4: Over 75 Packages Discovered

Key Findings:

  • NPM Package:
    • apply-brand-color:999.0.2
    • b2b-buyer-portal:55.55.56
    • bc-baseline:999.9.91
    • bc-carousel:999.9.91
    • bce-service-bos-transport:999.9.91
    • bigcommerce-monit:55.55.56
    • blockpi:1.0.0
    • cgpt_burn_tracker_frontend:1.0.3
    • cktool.database:999.9.91
    • cktool.target.nodejs:999.9.91
    • com.sendbird.calls:999.0.2
    • com.sendbird.chat:999.9.92
    • composed-react-app:999.0.2
    • dcnm-core:1.0.3
    • design-system-components-angular:999.9.91
    • design-system-intranet-header-workspace:999.9.91
    • design-system-migrations:999.9.91
    • discord-clone:999.0.2
    • dox_assets:100.5.0
    • eslint-config-b2b:999.9.91
    • evermade-bare-theme:1.0.1
    • govuk-frontend-v4:99.9.9
    • hubs-bot:999.0.2
    • internet-header:999.9.91
    • jacoco-report:999.0.2
    • local-node-rig:99.9.9
    • maker-governance-dashboard-server:1.0.1
    • message-template-app:999.0.2
    • ml-translate-vis:999.9.91
    • orderly-evm-crosschain:1.0.0
    • ory-docs:2.0.0
    • quickstart-calls-chat-integration:999.9.92
    • quickstart-live-audio-only-sample-javascript:999.0.2
    • release-automation-action:999.0.2
    • rn-quickstart-directcall:999.0.2
    • saml-mock-idp:999.0.2
    • sendbird-chatgpt-sample-react:999.0.2
    • sendbird-hubs:999.0.2
    • sendbird-moderation-dashboard-node:999.0.2
    • sendbird-uikit-gpt:999.9.92
    • sendbird-uikit-integration:999.0.2
    • smp-imsc:99.9.9
    • tannucolingboys:99.0.0
    • typescript-error-reporter-action:999.0.2
    • uikit-app-promotions-sample:999.9.92
    • unguess-react:1.5.0
    • vtadmin:999.0.2
    • wpdesigndev.wp.agoda.com:100.0.5
    • @energysolutions/mylib:99.9.9
    • @energysolutions/mylib:9998.998.998
    • @energysolutions/mylib:9998.999.998
    • @energysolutions/mylib:9998.999.999
    • @energysolutions/mylib:999999999.999999.999999
    • airwallex-platform-onboarding-sdk-demo-react:1.0.0
    • atomic-swap:1.0.3
    • civo-documentation:2.0.0
    • djangopeople:3.3.3
    • djangosnippets:9.9.9
    • font-lato-2-subset:0.4.1
    • ibm-strings:1000.0.0
    • linear-airbyte-source:9.9.10
    • linear-airbyte-source:9.9.9
    • livingdesign-components:1.0.0
    • makebetteremail:1.0.1
    • meditek:1.0.2
    • minification:1.0.0
    • missive-webhooks:1.0.0
    • onfido-web-sdk-angular:0.1.0
    • paddle-subscription:0.1.0
    • rust-functions:1000.0.0
    • spiffe.io:9.10.0
    • stedi-integrations:6.1.0
    • stedi-integrations:7.5.0
    • test-object-model:0.7.6
    • tq-assignment-js:1.0.0

Week 3: Over 50 Packages Discovered

Key Findings:

  • NPM Packages:
    • acronym-decoder-chrome-angular:1.0.0
    • afe-host-client:1.1.0
    • autogen_studio:1.0.2
    • bamoe-standalone-bpmn-and-dmn-editors-classic:100.0.0
    • bamoe-standalone-dmn-editor:100.0.0
    • basecontext:92.2.2
    • bby-node-logger:4.2.2
    • bby-node-logger:4.2.4
    • bsc-stdlib-polyfill:0.0.1
    • crowdin-cli-website:1.0.0
    • cst-web-chat:74.8.5
    • dither-client:2.0.0
    • dmn-editor-envelope:100.0.0
    • handlebars-helper-attrs:100.0.0
    • huehue:0.0.1
    • infosnap-secure-family-portal:6.3.1
    • myotherpkg:100.0.0
    • princedecmtest:1.0.0
    • princedevmt-test-1:1.0.2
    • princedevmt-test-2:1.0.0
    • princedevmt-test:1.0.1
    • shopify-app-session-storage-test-utils:100.0.0
    • smtp2go:1.0.1
    • symphony-lib:1000.0.2
    • translate-readme:0.1.6
    • ui-extensions-test-utils:100.0.1
    • @kms-types/config:99.9.11
    • @mediaspace/shared:99.9.1
    • @thd-eux/theme-mui:0.2.1
    • 0g-storage-contracts:2.0.0
    • ably-engineering:1.0.3
    • ably-engineering:1.0.4
    • ably-sales-demo-frontend:0.1.4
    • apigeeclientlib:3.0.2
    • apigeeclientlib:3.0.3
    • awsspeedtest:1.1.0
    • bcoin-full:2.0.0
    • com.meta.xrpa:1.0.0
    • cui-i18n-coke:9.0.2
    • deeperscan-nft:0.1.0
    • dep_malc:10.2.5
    • events_pkg:100.0.0
    • mfp-config-xml:1000.0.0
    • onfido-web-sdk-angular:0.1.0
    • paddle-subscription:0.1.0
    • rust-functions:1000.0.0
    • saptiya:8.0.0
    • sigma-errors:9.0.2
    • source-registry-storage-adapter:100.0.0
    • stedi-integrations:6.1.0
    • stedi-integrations:7.5.0
    • tappp-tv-ui-lib:9.9.9
    • visionmedia-debug:3.1.0
    • wmctf2024emmm:1.0.0
    • xto10x:99.0.1

Week 2: Packages Discovered

Key Findings:

  • NPM Packages:
    • skibo:1.0.0
    • js-rust-grpc-quotes:9999.0.0
    • js-rust-grpc-quotes:999.0.0
    • iojds:9.0.0
    • ioiwds:9.0.0
    • ably-engineering:1.0.2

Week 1: Over 35 Packages Discovered

Key Findings:

  • NPM Packages:
    • afe-base-component:3.1.0
    • nspwieo:12.62.28
    • videoads-util-capability-detection:1.0.9
    • 0g-storage-contracts:2.0.0
    • apigeeclientlib:3.0.2
    • apigeeclientlib:3.0.3
    • com.nethereum.unity:4.19.2
    • dvpawebwidgetsdetailspageclient:2.2.2
    • eslint-plugin-woocommerce:99.99.99
    • mhnumjp:1.999.1
    • relayer-engine:99.99.99
    • solhint-plugin-yearn:99.99.99
    • thd-localizer:9.4.2
    • woocommerce-grow-jsdoc:99.99.99
    • wordpress-components-slotfill:99.99.9
  • PyPi Packages:
    • pojang-resorter:2.32.22
    • pojang-resorter:2.32.23
    • pojang-resorter:2.32.24
    • pojang-resorter:2.32.25
    • pojang-resorter:2.32.26
    • pojang-resorter:2.32.29
    • pojang-resorter:2.32.30
    • pojang-resorter:2.32.31
    • pojang-resorter:2.32.33
    • pojang-resorter:2.32.35
    • pojang-resorter:2.33
    • pojang-resorter:2.34
    • pojang-resorter:2.4
    • pojang-resorter:5.6
    • 48484efej8id:0.1
    • pojang-resorter:2.32.18
    • pojang-resorter:2.32.19
    • pojang-resorter:2.32.20
    • pojang-resorter:2.32.21
    • pojang-resorter:5.6.1
    • pojang-resorter:5.6.2
    • pojang-resorter:5.6.3

Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code

Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.

Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.

Secure your Software Development and Delivery

with Xygeni Product Suite