Open-Source Under Attack: Kaspersky Reports 48% Surge in Malicious Packages Targeting Software Supply Chains

A new report from Kaspersky’s Global Research and Analysis Team (GReAT) reveals a sharp escalation in software supply chain threats, with over 14,000 malicious open-source packages detected by the end of 2024 — a 48% increase compared to 2023.
Kaspersky researchers analyzed 42 million versions of open-source packages in 2024, uncovering a growing trend of cybercriminals exploiting the very tools that developers worldwide rely on. Platforms such as npm, PyPI, NuGet, and Maven — staples of modern software development — have become attractive vectors for embedding malware.
“Open-source software is the backbone of many modern solutions, but its openness is being weaponized,” said Dmitry Galov, Head of Research Center for Russia and CIS at Kaspersky GReAT. “The 50% rise in malicious packages shows attackers are actively embedding sophisticated backdoors and data stealers in popular packages relied on by millions.”
Lazarus Group’s npm Campaign and the XZ Backdoor
Among the most notable incidents, North Korea-linked Lazarus Group deployed multiple malicious npm packages in early 2025. These packages, which were downloaded several times before removal, contained malware designed to steal developer credentials and cryptocurrency wallet data, and to install backdoors on systems running Windows, macOS, and Linux. The attackers leveraged GitHub repositories to appear legitimate, exemplifying advanced supply chain manipulation.
Kaspersky also drew attention to the discovery of a backdoor in XZ Utils (versions 5.6.0 and 5.6.1), a widely used compression library integrated into major Linux distributions, cloud servers, and IoT systems. The malicious code, inserted by a trusted contributor, allowed remote command execution via compromised SSH servers. Fortunately, it was caught before widespread exploitation, after unusual system performance anomalies drew attention to it.
AI Development Tools Also Targeted
In 2024, threat actors uploaded malicious Python packages to PyPI, such as chatgpt-python and chatgpt-wrapper, impersonating legitimate tools for interacting with OpenAI’s APIs. These packages were designed to steal sensitive information and install backdoors, specifically targeting the booming AI development ecosystem.
“These kinds of attacks have the potential to compromise everything from chatbot platforms to enterprise-level analytics systems,” said the Kaspersky report.
Kaspersky’s Recommendations for Developers and Organizations
To counter the rising threat, Kaspersky recommends organizations take the following actions:
Use real-time monitoring solutions to scan open-source components for hidden threats. Kaspersky’s open-source feed offers a proactive approach.
If compromise is suspected, leverage the Kaspersky Compromise Assessment to detect traces of past or active intrusions.
Verify the credibility of package maintainers, looking for consistent update history, documentation, and community activity.
Stay updated on emerging threats by subscribing to relevant security advisories and open-source vulnerability feeds.
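As an added example (not from the Kaspersky report or any Kaspersky tool), the following Python heuristic applies the maintainer-verification advice above to package metadata shaped like an npm registry document. The two package documents, the 30-day and burst-publishing thresholds, and the README length cutoff are constructed assumptions; only the field names `time`, `maintainers` and `readme` follow the real registry format.

```python
"""Heuristic credibility check over npm-registry-style package metadata.

Implements the article's advice: look at update history, documentation and
maintainer activity before trusting a package. The sample documents below are
constructed, not real registry data.
"""
from datetime import datetime, timedelta, timezone


def _parse(ts):
    # Registry timestamps end in "Z"; older Pythons need an explicit offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def credibility_findings(pkg, now):
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    times = pkg.get("time", {})
    # Every key except the bookkeeping ones is a published version.
    releases = sorted(_parse(v) for k, v in times.items()
                      if k not in ("created", "modified"))
    if not releases:
        return ["no published versions"]
    age = now - releases[0]
    if age < timedelta(days=30):  # constructed threshold
        findings.append(f"first release only {age.days} days ago")
    # Burst publishing: many versions in a very short window, no steady history.
    if len(releases) >= 5 and releases[-1] - releases[0] < timedelta(days=2):
        findings.append(f"{len(releases)} versions published within 2 days")
    if len(pkg.get("readme", "").strip()) < 200:  # constructed cutoff
        findings.append("README missing or very short")
    if len(pkg.get("maintainers", [])) <= 1:
        findings.append("single maintainer, no second reviewing party")
    # Note: a linked GitHub repository is deliberately not treated as a
    # positive signal; the report describes attackers setting one up to look legitimate.
    return findings


NOW = datetime(2025, 3, 15, tzinfo=timezone.utc)

ESTABLISHED = {  # constructed: long, steady history, documented, two maintainers
    "name": "example-utils",
    "time": {"created": "2019-06-01T00:00:00.000Z", "1.0.0": "2019-06-01T00:00:00.000Z",
             "1.1.0": "2021-02-10T00:00:00.000Z", "1.2.0": "2024-11-20T00:00:00.000Z"},
    "maintainers": [{"name": "alice"}, {"name": "bob"}],
    "readme": "# example-utils\n" + "Usage and API documentation. " * 20,
}
SUSPICIOUS = {  # constructed: days old, six versions in five hours, no docs, one maintainer
    "name": "example-utils-helper",
    "time": {"created": "2025-03-10T00:00:00.000Z",
             **{f"1.0.{i}": f"2025-03-10T0{i}:00:00.000Z" for i in range(6)}},
    "maintainers": [{"name": "new-user-42"}],
    "readme": "",
}

if __name__ == "__main__":
    for pkg in (ESTABLISHED, SUSPICIOUS):
        print(pkg["name"], credibility_findings(pkg, NOW) or ["no findings"])
```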