According to Foresight News, Sonatype, a company specializing in end-to-end software supply chain security, has released its Open Source Malware Index for the first quarter of 2025. The report highlights several notable incidents, including nearly ten npm crypto package hijackings, counterfeit VS Code Truffle packages, and malware targeting Solana developers.
The findings indicate that cryptocurrency mining software accounted for 7% of the malware detected in this period, doubling from 3.5% in the fourth quarter of 2024. This increase underscores the growing threat posed by malicious software in the open-source ecosystem.