Open-source malware and infostealer-driven compromise of developer environments
Threat activity in 2025 increasingly targeted developer environments and software supply chains, with Sonatype reporting more than 450,000 newly identified malicious open-source components and a heavy concentration in the npm ecosystem. Campaigns were characterized by automation and scale: attackers published large batches of similarly named packages, rapidly re-uploaded them after takedowns, and in some cases achieved lateral propagation through developer machines and linked projects, compromising downstream components within days. The reporting highlights a shift away from end-user targeting toward build tools, developer workstations, and CI/CD pipelines, and warns that smaller ecosystems should adopt mature controls (e.g., stronger access controls and 2FA) before abuse scales.
A separate incident illustrates the impact of developer-environment compromise: roughly 860GB of Target source code and internal developer documentation reportedly appeared online, with employees confirming authenticity. Threat researchers assessed the intrusion likely began with an infostealer infection on an employee workstation in late 2025, enabling theft of credentials/session tokens and subsequent access to internal services (e.g., IAM, Confluence, Jira) and code repositories over several months before detection. After discovery, Target reportedly took its Git server offline and tightened VPN/access controls, with internal notes suggesting repository access controls may have been misconfigured—reinforcing the broader trend of attackers using compromised developer endpoints and weakly protected engineering infrastructure to exfiltrate sensitive code and pipeline details.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Sonatype attributes hundreds of malicious npm releases to Lazarus
In the same report, Sonatype attributed hundreds of 2025 malicious npm package releases to North Korea's Lazarus Group. The packages were described as multi-stage malware using droppers, credential theft, persistence, and rapid republishing with reused code and infrastructure.
Sonatype reports surge in malicious open source packages in 2025
Sonatype reported that more than 450,000 new malicious open source components were identified during 2025, with activity heavily concentrated in npm and focused on developer environments, build tools, and CI/CD pipelines. The company said install-time execution was a common tactic for credential theft, payload delivery, and persistence.
Target takes Git server offline and restricts VPN access
After discovering the incident, Target reportedly took its Git server offline and limited access to the corporate VPN. Internal memos also referenced an accelerated change to access controls in response to the breach.
Employees confirm authenticity of leaked Target data
Current and former Target employees reportedly confirmed by January 13, 2026 that the leaked source code and internal documentation were authentic. Their confirmation validated that the exposed materials belonged to Target's internal environment.
Target source code and internal documents appear online
About 860GB of Target source code and internal developer documentation was reported to have appeared online on January 12, 2026. The leak reportedly exposed around 57,000 file and directory names and extensive internal development information.
Attacker allegedly conducts months-long exfiltration from Target systems
Using the compromised identity's access to systems including IAM, Confluence, Jira, internal wikis, and Git resources, the attacker reportedly carried out sustained data theft over roughly three to four months. The activity allegedly exposed internal technology stack details, CI/CD information, Hadoop datasets, and engineer metadata.
Infostealer reportedly compromises a Target employee workstation
Threat intelligence researchers assessed that the Target source-code theft likely began in late September 2025 with an infostealer infection on an employee workstation. The malware allegedly enabled theft of credentials and session tokens tied to broad internal access.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Malicious open-source packages and developer-targeted supply chain attacks
Security researchers reported multiple **software supply chain** threats targeting developers via public package ecosystems. Tenable analyzed a malicious npm package, **`ambar-src`**, that reached roughly **50,000 downloads** in days before removal; it executed during installation via **malicious `preinstall` behavior**, used evasion techniques, and dropped OS-specific payloads for Windows, Linux, and macOS, with typosquatting assessed as the likely lure (mimicking *`ember-source`*). Separate reporting described a campaign using **malicious NuGet packages** (e.g., **NCryptYo**, **DOMOAuth2_**, **IRAOAuth2.0**, **SimpleWriter_**) that impersonated legitimate .NET libraries, executed code on assembly load, and established local proxying/backdoor behavior to facilitate credential theft and persistence in ASP.NET environments. Additional coverage warned of an npm “worm-like” propagation pattern impacting **CI pipelines and AI coding tools**, reinforcing that developer tooling and build systems are high-risk choke points where a single poisoned dependency can spread quickly across environments. While the broader set of articles also included unrelated breach, ransomware, and policy items, the developer-focused supply chain reporting consistently emphasized that **installation-time execution** and **typosquatting/impersonation** enable compromise even when developers never directly call the malicious code, and that traditional detection can lag (e.g., low initial antivirus detection rates for obfuscated .NET payloads).
Mar 21, 2026
Software Supply Chain Threats Targeting Open-Source Ecosystems and Developer Tooling
Open-source software supply chain risk continued to escalate, with reporting citing **454,600+** newly identified malicious packages across major repositories (including **PyPI, npm, Maven Central, NuGet, and Hugging Face**) and tactics ranging from **credential theft** to **multi-stage attacks** and even early **self-replicating** package malware. The activity reportedly concentrated heavily in **npm**, including high-volume “ecosystem flooding” (e.g., single accounts publishing **150,000+** malicious packages in days) and **hijacking of trusted projects**, exploiting developer reliance on superficial trust signals such as package names, READMEs, and download counts. Separately, researchers disclosed **“PackageGate”** vulnerabilities in JavaScript package managers (**npm, pnpm, vlt, and Bun**) that can bypass common post-incident defenses—namely `--ignore-scripts` and lockfile integrity—enabling malicious code execution via compromised dependencies. Koi Security reported six issues; **pnpm, vlt, and Bun** shipped fixes, while **npm** reportedly treated the behavior as expected. In parallel, threat actors abused **GitHub’s fork architecture** to distribute a spoofed *GitHub Desktop* installer promoted via search ads; execution deployed **HijackLoader** and established persistence via a **scheduled task**, underscoring that supply chain threats extend beyond package registries into developer tooling distribution channels.
Mar 21, 2026
npm Supply-Chain Attacks Steal Developer Tokens and Enable Cloud Compromise
Threat actors are using **malicious npm packages** to steal developer credentials and CI/CD secrets, enabling rapid escalation into cloud environments. Google reported that **UNC6426** leveraged keys stolen during the earlier compromise of the *nx* npm ecosystem to pivot from a stolen developer GitHub token into **AWS administrative access within 72 hours**, abusing **GitHub-to-AWS OpenID Connect (OIDC) trust** to create a new admin role. The actor then used that access to **exfiltrate data from AWS S3** and conduct **destructive actions** in production cloud environments; the initial *nx* compromise involved a GitHub Actions `pull_request_target` workflow abuse (“**Pwn Request**”) that enabled publishing trojanized packages containing a `postinstall` chain that executed the **QUIETVAULT** JavaScript credential stealer and uploaded stolen data to a public GitHub repo (`/s1ngularity-repository-1`). Separately, researchers reported new waves of the **PhantomRaven** npm supply-chain campaign distributing **88 additional malicious packages** (via ~50 disposable accounts) that target JavaScript developers by exfiltrating secrets from files like `.gitconfig` and `.npmrc`, environment variables, and CI/CD tokens (e.g., GitHub/GitLab/Jenkins/CircleCI). The campaign uses **slopsquatting** (LLM-suggested lookalike package names) and a stealth technique called **Remote Dynamic Dependencies (RDD)**, where `package.json` pulls a dependency from an external URL so the malicious payload is fetched at install time (`npm install`) and can evade static package inspection; researchers indicated many of these packages remained available in the npm registry at the time of reporting.
Mar 21, 2026