Attackers are embedding malicious code into the very tools developers trust to protect against it.
The recently released Open Source Malware Index, Q3 2025 analyzed nearly 35,000 open-source malware packages discovered by Sonatype across major open-source registries including npm, PyPI, Hugging Face and more. Sonatype CTO and Co-Founder Brian Fox said the analysis confirms the era of “noisy, opportunistic malware” has given way to a sneakier kind.
“Attackers are patient, organized and increasingly using AI to embed themselves inside the very tools developers rely on,” he said. “They’re hiding malicious payloads in plain sight, turning trusted open-source dependencies into delivery mechanisms for data theft and persistence. Defenders need to match that sophistication with AI-driven visibility and proactive controls that stop threats before they ever reach a developer’s environment.”
According to a release from Sonatype, the evidence shows attackers aren't just inserting malicious code into the ecosystem in small ways but are doing so at scale and with self-propagating capabilities.
Two especially widespread campaigns were the compromise of the chalk and debug packages, which affected components that see more than 2 billion weekly downloads, and the Shai-Hulud campaign, characterized by worm-like behavior that allowed malicious code to replicate itself across repositories, exfiltrate credentials and publish new compromised packages.
These trends show that data is the ultimate target and that supply chain attacks are opening new frontlines, the company said.
“In Q3, data exfiltration malware accounted for 37% of all malicious open-source packages detected, underscoring what previous quarters have shown: there is a growing trend toward intelligence-gathering, espionage, and monetization of stolen data,” according to the release. “Adversaries are targeting developer credentials, access tokens, and proprietary information, transforming open-source ecosystems into rich hunting grounds for data-driven exploitation.”
Since the second quarter, the number of “backdoor-laden packages” has grown 143%, according to Sonatype, showing that attackers are leaning heavily on malware that installs, hides and maintains long-term access while posing as safe. Sonatype Repository Firewall is a solution designed to block these types of attacks, the company said.