Kaspersky Exposes 37% Surge in Malicious Packages Threatening Software Supply Chains

Recent telemetry from Kaspersky reveals a significant rise in malicious packages infiltrating open-source projects, with nearly 19,500 instances identified by the end of 2025. This marks a staggering 37% increase compared to the previous year, underscoring the growing vulnerabilities within software supply chains. As modern software development increasingly relies on open-source components, the risks associated with these packages have become a pressing concern for organizations globally.

The Growing Threat Landscape

The integration of open-source software into commercial products has revolutionized software development, providing developers with access to a vast array of tools and libraries. However, this reliance also opens the door to potential threats. Malicious packages can be deliberately embedded within open-source projects, rendering products susceptible to exploitation, including supply chain attacks. A recent global study by Kaspersky indicates that supply chain attacks have emerged as the predominant cyber threat facing businesses in the past year.

High-Profile Supply Chain Attacks

Kaspersky’s findings highlight several notable supply chain attacks that have occurred recently, illustrating the real-world implications of these vulnerabilities:

  1. CPU-Z and HWMonitor Compromise (April 2026): The official websites for CPU-Z and HWMonitor, widely used tools for monitoring hardware performance, were compromised. Attackers replaced legitimate software downloads with malware-laden installers. Kaspersky’s Global Research and Analysis Team (GReAT) determined that the compromise lasted approximately 19 hours, affecting over 150 victims across various countries, predominantly individual users. The attack impacted organizations in sectors such as retail, manufacturing, consulting, telecommunications, and agriculture.

  2. Axios Package Hijack (March 2026): The widely utilized JavaScript HTTP client, Axios, fell victim to a compromise when attackers hijacked a maintainer’s account. They published poisoned versions of the package (1.14.1 and 0.30.4), which did not contain harmful code directly but introduced a phantom dependency that deployed a cross-platform Remote Access Trojan (RAT). This dependency contacted a command-and-control server and erased its traces across macOS, Windows, and Linux. Both versions were removed within hours, and the dependency was placed under a security hold. Kaspersky GReAT confirmed that this attack shared tactics with previous campaigns, including Bluenoroff’s GhostCall and GhostHire.

  3. Notepad++ Infrastructure Breach (February 2026): The developers of Notepad++, a popular open-source text and code editor, reported a compromise of their infrastructure due to an incident with their hosting provider. Kaspersky GReAT researchers discovered that the attackers employed at least three distinct infection chains, targeting a government organization in the Philippines, a financial institution in El Salvador, an IT service provider in Vietnam, and individuals across multiple countries.
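For the Axios case above, a lockfile audit is a quick way to see whether a build resolved one of the two versions the article names, or an axios copy declaring a dependency it normally does not have. This is an added example, not code from Kaspersky or the Axios project; the baseline dependency set, `some-sdk`, `example-extra-dep` and the sample lockfile are assumptions constructed for illustration.

```javascript
const FLAGGED = new Map([["axios", new Set(["1.14.1", "0.30.4"])]]); // versions named in the article
// Assumption: axios's usual declared dependencies; confirm against a known-good lockfile.
const BASELINE = new Map([["axios", new Set(["follow-redirects", "form-data", "proxy-from-env"])]]);
// Yield {name, where, version, declared} for every installed package in a lockfile.
function* entries(lock) {
  const NM = "node_modules/";
  if (lock.packages) {                              // lockfileVersion 2 and 3: flat map
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(NM);
      if (i === -1) continue;                       // "" is the root project itself
      yield { name: path.slice(i + NM.length), where: path, version: meta.version,
              declared: Object.keys(meta.dependencies || {}) };
    }
    return;
  }
  const stack = [[lock.dependencies || {}, ""]];    // lockfileVersion 1: nested tree
  while (stack.length) {
    const [deps, prefix] = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      const where = prefix + name;
      yield { name, where, version: meta.version,
              declared: Object.keys(meta.requires || {}) };
      if (meta.dependencies) stack.push([meta.dependencies, where + " > "]);
    }
  }
}

function auditLock(lock) {
  const findings = [];
  for (const e of entries(lock)) {
    if (FLAGGED.get(e.name)?.has(e.version))
      findings.push({ kind: "flagged-version", where: e.where, detail: e.version });
    const base = BASELINE.get(e.name);
    for (const dep of base ? e.declared : [])
      if (!base.has(dep))
        findings.push({ kind: "unexpected-dependency", where: e.where, detail: dep });
  }
  return findings;
}

// Constructed sample: a clean top-level copy and a nested copy at a flagged version.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/axios": { version: "1.13.0",
    dependencies: { "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } },
  "node_modules/some-sdk/node_modules/axios": { version: "1.14.1",
    dependencies: { "follow-redirects": "^1.15.6", "example-extra-dep": "^1.0.0" } },
}};
console.log(auditLock(sampleLock));
```

Nested copies matter here: a transitive axios pulled in by another package does not appear in the project's own `package.json`, so only the lockfile shows it.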

The Impact on Enterprises

According to Kaspersky’s survey, 31% of enterprise businesses reported being affected by a supply chain attack within the past year. Despite the alarming statistics, the security level of open-source projects is not inherently lower than that of proprietary solutions. An active open-source community can often identify and remediate vulnerabilities more swiftly than proprietary systems, which may rely on internal audits. The open-source community actively monitors emerging risks, with cybersecurity specialists researching vulnerabilities and malicious code, promptly notifying users and the broader community.

Dmitry Galov, Head of Kaspersky GReAT Russia and CIS, emphasized the importance of vigilance in the open-source ecosystem. He noted that while completely eliminating potential risks is impossible, they can be mitigated through security solutions and automated code analysis tools.

Recommendations for Enhanced Security

To safeguard against these evolving threats, Kaspersky offers several recommendations for organizations:

  • Utilize Monitoring Solutions: Employ tools like the Kaspersky Open Source Software Threats Data Feed to monitor open-source components and detect hidden threats.

  • Continuous Monitoring: Implement solutions such as XDR or MXDR from the Kaspersky Next product line for real-time infrastructure monitoring and anomaly detection in software and network traffic.

  • Stay Informed: Subscribe to security bulletins and advisories related to the open-source ecosystem. Early awareness of threats enables quicker responses.

  • Develop an Incident Response Plan: Ensure that the plan addresses supply chain attacks and includes steps for rapid identification and containment of breaches, such as disconnecting compromised suppliers from company systems.

  • Collaborate with Suppliers: Engage with suppliers on security issues to strengthen protection on both sides and establish shared priorities.

As the landscape of cyber threats continues to evolve, organizations must remain vigilant and proactive in their cybersecurity strategies. The rise in malicious packages within open-source projects serves as a stark reminder of the vulnerabilities that can arise in the software supply chain.

Source: www.tahawultech.com
