Discord Contact
Phylum Research Team

Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.
Phylum Discovers Go-Based RAT “Spark” Being Distributed on PyPI

Phylum Discovers Go-Based RAT “Spark” Being Distributed on PyPI

Phylum Research
On 8 February 2023 at 21:25:00 UTC, Phylum’s automated risk detection platform alerted us to the publication of pycolured on PyPI, and we immediately notified the PyPI maintainers. As we were digging deeper
Phylum Research Team 15 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum Discovers Revived Crypto Wallet Address Replacement Attack

Phylum Discovers Revived Crypto Wallet Address Replacement Attack

Phylum Research
UPDATE: This campaign is still unfolding. Currently, the actor appears to have typosquatted several major packages in PyPI. We will continue to update this blog post as new details emerge. In November of 2022, Phylum discovered
Phylum Research Team 7 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Sandboxing Package Installations Arms Developers With Defense Against Open-Source Attacks and Unintended Consequences

Sandboxing Package Installations Arms Developers With Defense Against Open-Source Attacks and Unintended Consequences

Phylum Research
💡 tl;dr - We built a tool to sandbox package installations (e.g., npm install <pkg>). It’s open source, available as part of our CLI, and supports npm, yarn, and poetry out of
Phylum Research Team 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum Identifies 137 Malicious npm Packages

Phylum Identifies 137 Malicious npm Packages

Phylum Research
Overview NPM has made great strides in improving the security of the ecosystem, adding nice features like identifying potential typosquats before the packages are published. Despite this, however, malicious packages continue to be published to unsuspecting
Phylum Research Team 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI

A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI

Phylum Research
Phylum has uncovered yet another malware campaign waged against PyPI users. And once again, the attack chain is complicated and obfuscated, but it’s also quite novel and further proof that supply chain attackers aren’t
Phylum Research Team 11 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies