Threat actors increasingly introducing malicious code into open source packages

Hogan Lovells
The risks associated with leveraging open source libraries, and the review needed, are increasing.

In the first half of 2025, cybersecurity researchers observed a sharp rise in the incidence of malicious code embedded in open source packages. Threat actors are embedding sophisticated malware into seemingly innocuous packages distributed through trusted registries like npm, PyPI, and Go modules. Once installed, these malicious packages can steal credentials, establish persistent remote access, or drain cryptocurrency wallets. With open source code now accounting for up to 90% of software builds, these attacks present a serious and growing risk across all sectors.

These attackers are capitalizing on the speed, scale, and opacity of modern development practices, especially as artificial intelligence-powered coding tools automate much of the development process. Developers often overlook the full scope of their software dependencies, particularly the transitive packages that package managers pull in automatically. In this environment, techniques like typosquatting (e.g., swapping “metamaks” for “metamask”), obfuscation, and delayed malware execution (multi-stage payloads) have proven especially difficult to detect. One campaign identified by Socket.dev revealed North Korean-linked actors using an initial loader to steal browser data, followed by a stealthy backdoor, demonstrating the sophistication of these multi-stage approaches.

This expanding threat landscape has broad implications for all companies that rely on open source components in their applications, but threat actors often target specific industries. For example, attackers launched tailored campaigns distributing malicious npm packages to specifically compromise cryptocurrency developers.

To address these emerging threats, organizations may want to consider revisiting their processes for auditing open source code that they incorporate into their software and environments. Strict governance policies around the use of open source components, including both initial vetting and continuous monitoring of these packages, can be helpful in mitigating these threats. Behavioral detection tools can also help catch sophisticated malware that traditional scanners might miss. Collaboration between business, development, security, and legal teams is critical to allow companies to establish a practical approach. Finally, staying informed about evolving threats and participating in industry-wide information sharing will empower organizations to anticipate and respond proactively to supply chain risks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Hogan Lovells
