Discord Contact
Phylum Research Team

Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.
Malicious Actors Use Unicode Support in Python to Evade Detection

Malicious Actors Use Unicode Support in Python to Evade Detection

Phylum Research
Phylum’s automated platform recently detected the onyxproxy package on PyPI, a malicious package that harvests and exfiltrates credentials and other sensitive data. In many ways, this package typifies other token stealers that we have found
Phylum Research Team 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Software Development Is Changing Again…

Software Development Is Changing Again…

Phylum Insights and Resources
Development is happening more quickly than ever before, and Department of Defense stakeholders want more automation in software development and acquisitions. Recent strategic initiatives from the White House to the DoD Chief Information Officer are driving
Phylum Research Team 4 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

A PyPI typosquatting campaign post-mortem

A PyPI typosquatting campaign post-mortem

Phylum Research
tl;dr - An unsophisticated actor efficiently published about a thousand typosquatted packages of forty popular Python packages containing malicious code in a campaign that lasted two days, but actually only took about an hour to
Phylum Research Team 14 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

If SBOMs are a must, let’s make them as effective as possible

If SBOMs are a must, let’s make them as effective as possible

Phylum Insights and Resources
Since the announcement of Executive Order 14028, curiosity and confusion around SBOM (Software Bill of Materials) mandates has been widespread. SBOMs are indeed a jumping off point when it comes to the task of building an
Phylum Research Team 12 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum Discovers Aggressive Attack on PyPI Attempting to Deliver Rust Executable

Phylum Discovers Aggressive Attack on PyPI Attempting to Deliver Rust Executable

Phylum Research
🚨 This appears to be an ongoing attack. As of the morning of 2/24/2023 an additional 600+ packages have been published by this actor. In total we have identified 5,943 malicious packages. These packages
Phylum Research Team 243 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies