Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward
ID: b40e575f-70e5-581f-a914-7d787c043ceb
STIX ID: report--b40e575f-70e5-581f-a914-7d787c043ceb
Feed Name: Fortinet Blog
FortiGuard Labs analyzed over a thousand malicious OSS packages detected since November 2024 and identified the prevalent techniques: low file counts, malicious install scripts, suspicious URLs/APIs, obfuscation, and repository absence. The report highlights specific Python, Node.js, and JavaScript packages that perform data collection, exfiltration (e.g., Discord webhooks, HTTPS APIs), keylogging, and backdoor installation. It provides IOC hashes and vendor detections, and recommends vigilance, scanning, and use of secure development controls.
