Edward Kiledjian's Threat Intel

Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025) www.fortinet.com/blog/thre…

In a previous blog, FortiGuard Labs highlighted a growing trend in the use of open source software (OSS) repositories as channels for malware distribution in the software supply chain. With the continued reliance on third-party packages in development workflows, threat actors are increasingly exploiting weaknesses in the open-source ecosystem to propagate malicious code, exfiltrate data, and cause other harm.

By leveraging our proprietary AI-powered malware detection and continuous monitoring system, FortiGuard Labs has established real-time tracking and detection of newly published packages. This ongoing, global monitoring enables us to rapidly identify emerging threats and evolving attack techniques.

Analysis of data collected during the second quarter (Q2 2025) reveals that the use of OSS repositories as malware distribution channels in supply chains is not only persistent but also essentially unchanged in its core tactics. This report presents updated statistics on malicious package activity observed in the wild during the quarter. It also presents a couple of selected examples of malicious packages uncovered during the quarter, offering insights into trends and techniques observed in OSS ecosystems.