Henrik from Endor Labs recently created a small prototype Go application for detecting malicious packages early. The article shares what his application found, his view on the evolution of malicious packages and what we should be doing to protect ourselves from it. His analysis showed that attackers have been using the same malicious code snippets for years, sometimes adding simple encoding or encryption for superficial obfuscation. That makes it easier for detection mechanisms to discover them. However there will be a need to deal with false positives and package repositories platforms do not have enough resources for this. He also notes that most malicious packages today are discovered by parties other than the package repository owners and suggests that malware scans be done prior to publication to further reduce exposure to malicious packages. Check out his article to learn more.
https://www.endorlabs.com/blog/whatfuscator-malicious-open-source-packages-and-other-beasts
This segment was created for the It’s 5:05 podcast