D2DO300: Open Source Malware!
Jen Geil, co-founder of Open Source Malware, discusses the dramatic surge in malware targeting open source packages, particularly NPM, with AI being used both to create and exploit vulnerabilities. She reveals that over 90% of open source malware is found in NPM packages, with attacks increasingly targeting AI tools and agent marketplaces.
Summary
The episode features Jen Geil, co-founder of Open Source Malware, discussing the evolution of malware delivery from traditional phishing to sophisticated attacks on open source software repositories. NPM packages account for over 90% of open source malware, with over 90% discovered in just the last calendar year, creating a dramatic hockey stick growth pattern. JavaScript's dependency-heavy nature, NPM's historically low security requirements, and automatic lifecycle scripts make the platform particularly vulnerable.

AI has contributed significantly to this explosion, with attackers using AI to create more sophisticated phishing campaigns and malware that includes telltale signs like emoji usage. A notable case study involves the NX package compromise, where attackers exploited GitHub Actions to steal publishing tokens, then uploaded malicious versions that weaponized locally installed AI tools like Claude, Gemini, and Amazon Q. The malware used commands like '--dangerously-skip-permissions' and '--YOLO' to bypass AI safety measures, ultimately compromising nearly 400 companies and exfiltrating over 20,000 files within eight hours.

The threat landscape has expanded to AI agent marketplaces like Open Claw, where hundreds of malicious agents were discovered within days of launch. Attackers are also targeting developers through fake job interviews and malicious VS Code extensions. Geil emphasizes that this is not just individual hackers but includes well-funded state actors from DPRK, Russia, and China. Her company has created the most comprehensive database of open source malware, offering both community-driven threat reporting and commercial threat intelligence services. The database connects seemingly unrelated attacks by tracking shared infrastructure, recently linking three separate vendor reports to a single Russian threat actor.
Defense strategies include dependency pinning with regular updates, implementing cooldown policies for new package versions, and expanding security training beyond traditional developers to include finance, marketing, and other departments now using AI tools to write code.
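The two package-level defenses above, exact pinning and a cooldown on freshly published versions, can be checked mechanically before a lockfile is accepted. The script below is an added example written for this page; it is not tooling from the episode or from Open Source Malware. It assumes a `declaredDeps` map shaped like the `dependencies` block of a package.json, a `lockedVersions` map of resolved versions, and `registryTimes` shaped like the per-version `time` map a registry packument returns. All three inputs are constructed inline so the script runs offline; the package names and dates are made up.

```javascript
// Added example (not from the episode or from Open Source Malware):
// a policy check implementing two of the defenses mentioned above,
// exact dependency pinning and a "cooldown" on freshly published versions.
// Inputs are constructed inline; in practice `registryTimes` would be the
// `time` map of a registry packument and `lockedVersions` would come from
// the lockfile.

const COOLDOWN_DAYS = 7;

// Exact-pin check: a spec is pinned only if it is a bare semver version
// (no ^, ~, >=, x-ranges, dist-tags, or git/URL specs).
function isPinned(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec);
}

function findUnpinned(declaredDeps) {
  return Object.entries(declaredDeps)
    .filter(([, spec]) => !isPinned(spec))
    .map(([name, spec]) => ({ name, spec }));
}

// Cooldown check: flag every locked version published less than
// `cooldownDays` before `now`. A version missing from the registry
// metadata is flagged as well, since "unknown publish time" is not a
// state a policy should silently accept.
function findTooNew(lockedVersions, registryTimes, now, cooldownDays) {
  const dayMs = 24 * 60 * 60 * 1000;
  const cutoffMs = now.getTime() - cooldownDays * dayMs;
  const findings = [];
  for (const [name, version] of Object.entries(lockedVersions)) {
    const times = registryTimes[name] || {};
    const published = times[version];
    if (!published) {
      findings.push({ name, version, reason: "no publish time in registry metadata" });
      continue;
    }
    const publishedMs = Date.parse(published);
    if (Number.isNaN(publishedMs) || publishedMs > cutoffMs) {
      const ageDays = Math.floor((now.getTime() - publishedMs) / dayMs);
      findings.push({
        name,
        version,
        reason: `published ${ageDays} day(s) ago, cooldown is ${cooldownDays}`,
      });
    }
  }
  return findings;
}

// ----- constructed sample input (names, versions and dates are made up) -----
const declaredDeps = { "left-pad-ish": "1.3.0", "some-lib": "^4.2.0", "other": "latest" };
const lockedVersions = { "left-pad-ish": "1.3.0", "some-lib": "4.2.9", "other": "2.0.0" };
const registryTimes = {
  "left-pad-ish": { "1.2.0": "2024-11-01T00:00:00.000Z", "1.3.0": "2025-01-10T00:00:00.000Z" },
  "some-lib": { "4.2.8": "2025-02-01T00:00:00.000Z", "4.2.9": "2025-03-09T15:00:00.000Z" },
  "other": { "1.0.0": "2024-06-01T00:00:00.000Z" }, // 2.0.0 deliberately absent
};
const NOW = new Date("2025-03-12T00:00:00.000Z"); // fixed clock so results are reproducible

// Runs both checks and returns the combined findings.
function runPolicy() {
  return {
    unpinned: findUnpinned(declaredDeps),
    tooNew: findTooNew(lockedVersions, registryTimes, NOW, COOLDOWN_DAYS),
  };
}

console.log(JSON.stringify(runPolicy(), null, 2));
```

With the sample input, `some-lib` is reported twice (declared as a range and resolved to a version only two days old) and `other` twice (a `latest` tag and a resolved version the registry metadata does not know), while the pinned, seven-week-old `left-pad-ish` passes. The cooldown window is a policy knob; the point is that a version must survive in the registry for some days, during which community reporting of the kind the episode describes has a chance to catch it, before an upgrade lands in a build.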
Key Insights
- Over 90% of open source malware exists in NPM packages, with over 90% discovered in the last calendar year alone, showing explosive recent growth
- AI-generated malware can be identified by the presence of emojis, as AI tools learned this pattern from training data
- The NX package compromise weaponized locally installed AI tools like Claude and Gemini using commands like '--dangerously-skip-permissions' and '--YOLO' to bypass safety measures
- Attackers successfully compromised nearly 400 companies and exfiltrated over 20,000 files within just eight hours of the NX attack
- State actors from DPRK, Russia, and China are funding sophisticated malware campaigns targeting open source repositories, not just individual hackers
- Malicious agents appeared in AI marketplaces within days of launch, with hundreds discovered in platforms like Open Claw
- North Korean actors are targeting engineers through fake job interviews that involve downloading malicious VS Code extensions
- Recent attackers have used invisible Unicode characters that appear as blank space but contain executable code when parsed
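The invisible-character trick in the last point is detectable: the characters render as blank or as nothing at all, but they have fixed code points, so a scanner can report them by line and column before a file is reviewed or published. The scanner below is an added example for this page, not code from the episode or from Open Source Malware. The list of code points and the category labels are this example's own choices; the sample source is constructed inline with escape sequences so the file stays readable (in a real attack the characters would be embedded literally).

```javascript
// Added example (not from the episode): a scanner that reports invisible
// and bidirectional-control code points in source text. These render as
// blank space or nothing at all but are still parsed by JavaScript, which
// is the technique described in the last key insight above.

// Individual code points that are invisible or near-invisible in editors.
// Names are the Unicode character names.
const SUSPICIOUS = new Map([
  [0x200b, "ZERO WIDTH SPACE"],
  [0x200c, "ZERO WIDTH NON-JOINER"],
  [0x200d, "ZERO WIDTH JOINER"],
  [0x2060, "WORD JOINER"],
  [0xfeff, "ZERO WIDTH NO-BREAK SPACE (BOM)"],
  [0x180e, "MONGOLIAN VOWEL SEPARATOR"],
  [0x115f, "HANGUL CHOSEONG FILLER"],
  [0x1160, "HANGUL JUNGSEONG FILLER"],
  [0x3164, "HANGUL FILLER"],
  [0xffa0, "HALFWIDTH HANGUL FILLER"],
]);

// Ranges: bidi controls (text reordering) and the Tags block (invisible).
function classify(cp) {
  if (SUSPICIOUS.has(cp)) return SUSPICIOUS.get(cp);
  if (cp >= 0x202a && cp <= 0x202e) return "BIDI EMBEDDING/OVERRIDE CONTROL";
  if (cp >= 0x2066 && cp <= 0x2069) return "BIDI ISOLATE CONTROL";
  if (cp >= 0xe0000 && cp <= 0xe007f) return "TAG CHARACTER";
  return null;
}

// Walks the text by code point (so astral characters such as the Tags
// block are handled as one unit) and reports every suspicious one with
// its 1-based line and column.
function scanSource(text) {
  const findings = [];
  let line = 1, col = 1, offset = 0;
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    const label = classify(cp);
    // A BOM as the very first character is an ordinary file signature.
    if (label && !(cp === 0xfeff && offset === 0)) {
      findings.push({
        line,
        col,
        codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
        label,
      });
    }
    if (ch === "\n") { line++; col = 1; } else { col++; }
    offset += ch.length;
  }
  return findings;
}

// Constructed sample: escape sequences stand in for literally embedded
// characters. U+3164 is a valid identifier start, so line 2 declares a
// variable whose name looks like a blank.
const SAMPLE = [
  "const ok = 'hello';",
  "const \u3164 = 'x';",
  "if (\u3164) run();",
  "// comment\u202E reversed \u202C",
  "return 'n\u200Bame';",
  "const t = 'a\u{E0041}b';",
].join("\n");

for (const f of scanSource(SAMPLE)) {
  console.log(`${f.line}:${f.col} ${f.codePoint} ${f.label}`);
}
```

Zero-width joiners and non-joiners occur legitimately inside emoji sequences and in some scripts, so in a real pipeline the scanner would allowlist localisation files or restrict itself to code outside string literals; for anything that runs (identifiers, comments that could hide bidi-reordered code, lifecycle scripts), a finding should block the publish until a human has looked at it.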
Full transcript available for MurmurCast members