Wednesday, May 7, 2025

Hackers Compromise Windows Systems Using 5000+ Malicious Packages


A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024.

These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows systems and other software environments.

The tactics used by attackers include low-file-count packages, suspicious install scripts, and the absence of repository URLs, which together make it challenging for traditional security measures to detect these threats.

Figure: Low file count for the NPM package xeno.dll v1.0.2

Malicious Software Packages on the Rise

The low-file-count packages, totaling 1,082, often contain minimal code designed to execute harmful actions undetected.

Figure: Low file count for the PyPI package AffineQuant v99.6

These packages may use command overwrites, obfuscation techniques like base64 encoding, and suspicious behavior flagged by machine learning systems.

Additionally, 1,052 packages embed suspicious install scripts that silently deploy malicious code during installation, bypassing security checks.

According to the FortiGuard Labs report, these scripts can modify the standard installation process to execute harmful actions without the user’s knowledge, such as data exfiltration via HTTP POST requests or suspicious API calls.
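The three signals the report calls out (low file count, lifecycle install scripts, missing repository URL, plus base64 blobs inside those scripts) can be turned into a simple triage check before a dependency is installed. The following is an added example, not code from FortiGuard or the article; the npm package manifests it audits are constructed here, and the file-count threshold is an assumed value.

```python
import base64
import json
import os
import re
import tempfile

# Heuristics taken from the report: few files, install hooks, no repository
# URL, and base64-looking blobs inside the hook commands.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
LOW_FILE_COUNT = 3  # assumed threshold, not a value from the report

# Constructed sample payload (harmless) so the manifest below looks like the
# obfuscated install scripts described in the article.
PAYLOAD = base64.b64encode(b"console.log('constructed sample, not real malware')").decode()
SUSPICIOUS_MANIFEST = {
    "name": "constructed-pkg", "version": "1.0.0",
    "scripts": {"postinstall": f"node -e \"eval(Buffer.from('{PAYLOAD}','base64').toString())\""},
}
CLEAN_MANIFEST = {
    "name": "constructed-clean", "version": "1.0.0",
    "repository": {"type": "git", "url": "https://example.invalid/repo.git"},
}

def audit_npm_package(pkg_dir):
    """Return the list of risk flags raised for an unpacked npm package directory."""
    with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as f:
        manifest = json.load(f)
    flags = []
    n_files = sum(len(files) for _, _, files in os.walk(pkg_dir))
    if n_files <= LOW_FILE_COUNT:
        flags.append(f"low_file_count:{n_files}")
    if not manifest.get("repository"):
        flags.append("no_repository_url")
    for hook in INSTALL_HOOKS:
        cmd = manifest.get("scripts", {}).get(hook)
        if not cmd:
            continue
        flags.append(f"install_script:{hook}")
        for blob in B64_RE.findall(cmd):
            try:  # only report blobs that really decode, to cut noise
                decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
            except ValueError:
                continue
            flags.append(f"base64_in_{hook}:{decoded[:40]!r}")
    return flags

def build_sample_package(manifest):
    """Write a constructed package.json into a fresh temp dir and return its path."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "package.json"), "w", encoding="utf-8") as f:
        json.dump(manifest, f)
    return d
```

A package that raises several flags at once is a candidate for manual review, not an automatic verdict; the report notes that many of these packages are also caught only by behavioural checks.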

Emerging Threats and Attack Cases

Among the highlighted attack cases, malicious Python packages like AffineQuant-99.6 and amzn-aws-glue-ml-libs-python-6.1.5 exploit setup files to collect system information, including MAC addresses and hostnames, and send this data to remote servers controlled by attackers.

These attacks underscore the risk developers face when installing packages from untrusted sources, potentially leading to stolen credentials and further attacks.

Another notable case involves a malicious Node.js script that secretly collects sensitive information from a victim’s machine and sends it to an external server via a Discord webhook.

This script retrieves internal and external IP addresses, system details, and user information, making it highly invasive and enabling attackers to track the victim’s machine for further exploitation.

To protect against these emerging threats, organizations and individuals need to stay informed about the current attack techniques and implement proactive defense measures.

This includes regular system updates, advanced threat detection tools, and user education on identifying suspicious activity.

Fortinet’s FortiGuard AntiVirus service detects and protects against these malicious files, while the FortiDevSec SCA scanner identifies and prevents malicious dependencies from being introduced into projects.

By adopting robust security strategies, users can mitigate the risks associated with these malicious packages and safeguard their systems from potential attacks.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
