
Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks

Blog post from Snyk

Post Details
Author: Kirill Efimov
Word Count: 2,807
Language: English
Hacker News Points: 3
Summary

Snyk recently discovered over 200 malicious npm packages, including packages that exfiltrate data, spawn reverse shells, or use trojans. The packages were found with a custom approach that detects install-time scripts and analyzes package metadata. The detection system uses static analysis and applies rules to identify suspicious behavior, such as sending personally identifiable information (PII) over HTTP or DNS requests. Manual security analysis is still required to confirm the findings. Snyk's approach aims to improve the detection of malicious packages in the npm registry, which has become a target for supply chain attacks. The company recommends using tools like Snyk to protect open-source software ecosystems and cautions against publishing packages that may exfiltrate PII or engage in other malicious activities.