Open Source Malware Surges 140% in Q3, Says Sonatype

Sonatype, a global leader in AI-powered DevSecOps, has reported a dramatic rise in sophisticated cyber threats within the open-source ecosystem, revealing that malicious packages surged 140% in the third quarter of 2025 as attackers increasingly weaponize developer tools using artificial intelligence.

In its latest Open Source Malware Index (Q3 2025), the company said it had identified 34,319 new malicious open-source packages across major repositories, including npm, PyPI, and Hugging Face. This brings the total number of malicious packages discovered by Sonatype since 2019 to 877,522, underscoring the escalating risk to global software supply chains.

“The era of noisy, opportunistic malware is over,” said Brian Fox, CTO and Co-founder of Sonatype. “Attackers are patient, organized, and increasingly using AI to embed themselves inside the very tools developers rely on. They’re hiding malicious payloads in plain sight, turning trusted open source dependencies into delivery mechanisms for data theft and persistence.”

Sonatype’s report highlighted a surge in supply chain attacks targeting the npm ecosystem, including high-profile hijack campaigns involving the widely used chalk and debug packages — both downloaded more than two billion times a week. Another campaign, dubbed “Shai-Hulud,” demonstrated worm-like propagation, enabling malicious code to spread across repositories, steal credentials, and republish infected packages.

Data theft emerged as the most common motive, accounting for 35% of detected malware, followed by a sharp rise in multi-stage and stealth-first attacks. Droppers, lightweight programs that install hidden backdoors or information stealers, made up 38% of all threats, while backdoor-laden packages rose 143% quarter-over-quarter.

Meanwhile, low-effort cryptomining malware continued to decline, representing just 4% of all threats this quarter — down from 6% in Q2 — reflecting a clear shift toward stealthier and more profitable operations.

Sonatype said its AI-powered Repository Firewall blocked more than 110,000 malware attacks in Q3, nearly half of which targeted financial services organizations. The company emphasized that open-source ecosystems are increasingly being exploited for data exfiltration and long-term access, rather than quick financial gains.

“The message is clear,” Fox said. “Developers are now on the frontlines of cyber warfare — and defending the supply chain requires the same level of intelligence and automation that attackers are using against it.”