Malicious Code Digest Monthly Recap: May 2024 Edition

Welcome to the latest edition of the Xygeni Malicious Code Digest (Monthly edition), where our security researchers bring you the latest discoveries of malicious packages in software registries.

This month, our teams have been hard at work identifying and blocking threats to ensure the security of our customers’ software supply chain. Over the past few weeks, we uncovered and reported a significant number of malicious packages infiltrating various open-source component registries. These findings highlight the ongoing vulnerabilities and the critical need for robust security measures.

In May 2024, we confirmed a total of over 100 malicious packages across multiple registries. This includes a range of threats from data exfiltration and typosquatting to dependency confusion attacks. Here’s a detailed breakdown of our findings throughout the month:

Week 5: Over 15 Packages Discovered

  • Key Findings:
    • NPM Packages:
      • activities-ui-components:4.0.3
      • @bitkub-moonshot/bitkubx-wallet:1.0.0
      • @bitkub-moonshot/common:1.0.0
      • @panel-layout/layout:6.21.0
      • recommendations-fe:4.0.1
      • taxes-experience-malicious:1.0.0
      • taxes-experience:1.1.0
      • tec-docs:1.0.0
      • testpackage11:8.30.0
      • tml-language-picker:66.0.0
      • Linkinbio-web-components:1.0.0
    • PyPI Package:
      • Promcode:8.0
      • Pstullx:8.0

Week 4: Over 15 Packages Discovered

  • Key Findings:
    • NPM Packages:
      • financialforce:3.0.0
      • grammarly-desktop:10.5.1
      • gravityforms:2.5.10
      • lls-lowcode-utils:2.3.1, 4.3.5
      • realtimeboard:11.1.1
      • brand-adidas-asset-fonts:3.0.1
      • brand-adidas-design-tokens:11.0.1
      • delaware:1.0.1
      • mistica:1.0.9
      • sellsy-kering-app:1.0.0
      • tcm-app-migration-miles-react:1.0.5
      • theme-name:1.0.0
      • wp-delivery-hero-core-v2:2.2.0
    • PyPI Package:
      • blypack:0.300 [Music]

Week 3: Over 20 Packages Discovered

  • Key Findings:
    • NPM Packages:
      • @pocdz/crm-components:3.23.0
      • barrio_sass:8.4.1
      • cta-onboard-express:2.0.0
      • editor-languages:1.0.1, 1.0.3, 1.0.4
      • fury-sites:1.11.6
      • income_access_npm_config:1.0.0
      • input-fns:1.0.3
      • link-ui-i20n, i21n, i22n, i23n, i24n:1.0.0
      • looleh-ts:9.9.9
      • skinport-rest-docs:0.0.1
      • syfadis.experience:1.0.0
      • system-info-sender:2.0.3
      • tcm-app-migration-miles-react:1.0.0
      • this-will-fail:1.0.1
      • Walkme-killer:1.0.0

Week 2: Over 30 Packages Discovered

  • Key Findings:
    • NPM Packages:
      • zxcvbnmmmmmmkjhgfdssss:1.0.0, 1.0.1, 1.0.2
      • walkme-killer:1.0.0
      • skeletor-block-facetwp-filter:1.0.0
      • screen-control:1.0.3
      • plugins-bot:1.0.0
      • ping-bot-reduction:0.1.0, 0.2.0
      • link-ui-i19n:1.0.0
      • lamia471:1.0.1
      • jetpack-custom-fonts:2.1.1
      • isp-orion-theme:1.1.2
      • icomm-mobile:1.0.0
      • hw-transition-animation:66.6.9
      • generic-synthetic-nodejs:100.0.7, 100.0.8
      • gcommon-ui-mobile:1.0.0
      • forage-core:2.1.3
      • eckoplugin:4.7.0
      • discord-bot-3:1.0.0
      • delphire-io-portal:1.0.0
      • chair-client:1.0.0
      • by-network:12.6.1
      • by-gtm:12.6.1
      • by-dynamic-domain:1250.6.1
      • bullshittss:1250.6.1
      • bot-login-plugins:1.0.2
      • avx-web-core, build, javascript-testing:1000.0.1
      • actions-next-bundle-analyzer:1.1.4
      • @pwndz/crm-components:3.18.0

Week 1: Over 30 Packages Discovered

  • Key Findings:
    • NPM Packages:
  • (npm) @diligentcorp/atlas-ng:9999.0.0
  • (npm) epc-core-error-handling:66.6.0
  • (npm) epc-core-error-handling:66.6.1
  • (npm) epc-menu-header-poc:66.6.0
  • (npm) epc-onboarding-web:6.6.6
  • (npm) epc-staticpages-web:66.6.0
  • (npm) epc-staticpages-web:66.6.1
  • (npm) epc-staticpages-web:66.6.2
  • (npm) epc-teste-lykos:66.6.2
  • (npm) hw-popup:66.6.1
  • (npm) hw-popup:66.6.2
  • (npm) hw-tooltip:66.6.6
  • (npm) hw-webpack-config:66.6.0
  • (npm) libx-amount:1.0.2
  • (npm) test1_lykos:66.6.1
  • (npm) epc-notification-setting-web:66.6.9
  • (npm) epc-primer-ui-tags:66.6.9
  • (npm) hw-transition-animation:66.6.9
  • (npm) not-exist-lykos-poc2:66.6.9
  • (npm) eslint-config1:0.100.1
  • (npm) agencyportal-web:5.1.0
  • (npm) actions-next-bundle-analyzer:1.1.4

Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code

Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.

Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.

Unifying Risk Management from Code to Cloud

with Xygeni ASPM Security