Software supply chains are unique among the broader supply chain family. Logistics-based supply chain risks can be contained or limited by industry or region. However,...
On April 16, 2023, Phylum's automated risk detection platform detected a surge of publications of a library called vibranced on NPM. In this article, we will examine the actions taken by the attackers and their attempts to distribute Python-based malware on NPM....
Phylum has recently discovered that a package called mathjs-min, which was uploaded to NPM by user rizzman on March 26, contains a Discord...
Phylum’s automated platform recently detected the onyxproxy package on PyPI, a malicious package that harvests and exfiltrates credentials and other sensitive data. In many...