OSS Malicious Package Analysis in the Wild
April 9, 2024, 4:11 a.m. | Xiaoyan Zhou, Ying Zhang, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li
cs.CR updates on arXiv.org arxiv.org
Abstract: The open-source software (OSS) ecosystem suffers from various security threats and risks, and malicious packages play a central role in software supply chain (SSC) attacks. Although malware research has a history of over thirty years, less attention has been paid to OSS malware. Its existing research has three limitations: a lack of high-quality datasets, malware diversity, and attack campaign context. In this paper, we first build and curate the largest dataset of 23,425 malicious packages …