Thursday, May 22, 2025
HomeCyber Security NewsPackage Analysis - OpenSSf Tool to Detect Malicious Packages in Popular Open-Source...

Package Analysis – OpenSSf Tool to Detect Malicious Packages in Popular Open-Source Repositories

Published on

SIEM as a Service

Follow Us on Google News

A prototype version of the Package Analysis tool has been recently released by the Open Source Security Foundation (OpenSSF), and it is the first of its kind to be published.

Using this tool, you can identify malicious attacks against open source registries in real-time and counter them. A short period of time after its release on GitHub, this tool identified more than 200 malicious packages using npm and PyPI in a pilot run that lasted less than a month.

This project analyses the packages found in open source repositories to find out:- 

- Advertisement - Google News
  • How do they behave? 
  • What capabilities do they have?
  • What files do they access?
  • What addresses do they connect to?
  • What commands do they run?

Robust Tool to Scan open-source Repositories

This repository houses tools which are used to analyze open-source software packages, in particular, malware in the following packages:- 

  • npm packages
  • PyPI packages

As a result of this effort, open-source software will be better protected through the following reporting:-

  • Detecting malicious behavior.
  • Informing consumers selecting packages.
  • Providing researchers with data about the ecosystem.

There is one malicious package that has been identified by Package Analysis among all the suspect packages: ‘colorsss’. While this package has been found to be formerly deemed malicious.

Almost all of the packages that have been found contain a simple script that runs and requests a few details about the host from home during an installation process.

In most cases, these packages are created by security researchers looking to find bug bounties as part of a bug bounty program.

There is no attempt to conceal their behavior, and the majority of them are capable of extracting meaningful information from the system like:-

  • Name of the machine/system
  • Username

Future Goals

Here below we have mentioned all the future goals of the Package Analysis tool:-

  • The ability to detect changes in package behavior over time.
  • The packaging analysis results can be processed automatically after they have been received.
  • In order to maintain long-term analysis of the stored packages, they are stored themselves as they are processed.
  • The pipeline will gain greater reliability by improving its efficiency of the pipeline.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light...

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light...

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...