Phylum Research | Software Supply Chain Security (Page 4)

Sophisticated RAT Targeting Gulp Projects on npm

Phylum Research

This Phylum research exposes a malicious package containing a Remote Access Trojan (RAT) targeting developers using Gulp. Learn more.

Phylum Research Team May 31, 2024 9 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Compiled Python Files

Learn how compiled Python modules can be included in packages to obfuscate intent and deliver a malicious payload....

Charles Coggins May 16, 2024 6 min read

Python Executable Hooks

Python customization modules in user or global site-packages directories can carry malicious code that runs every time the Python interpreter does....

Charles Coggins May 13, 2024 4 min read

Malicious Go Binary Delivered via Steganography in PyPI

Open-source Ecosystem Malware Alert: Phylum Research exposes a novel steganography attack to deliver a malicious Go binary within a PyPI package....

Phylum Research Team May 10, 2024 5 min read

Adding Spurious Wheels to PyPI

Learn how easy it is for threat actors to hide their malware in Python wheel artifacts hosted on the PyPI registry....

Charles Coggins May 10, 2024 4 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

Subscribe to our research