Safeguard
Tag

malware-analysis

Safeguard articles tagged "malware-analysis" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Supply Chain Attacks

Anatomy of a Software Supply-Chain Worm: A Post-Mortem Framework

500+ npm packages backdoored in days, then 796 more two months later. A repeatable post-mortem framework for self-propagating open-source worms.

Jul 9, 20266 min read
Software Supply Chain Security

3CX DesktopApp supply chain compromise

How North Korea-linked hackers turned a signed, trusted 3CX VoIP installer into malware — and the double supply chain attack that made it possible.

Jul 6, 20266 min read
Software Supply Chain Security

The Shai-Hulud npm worm campaign

A self-replicating npm worm hit 500+ packages in September 2025 and 796 more in November — here's how Shai-Hulud actually spread, stole secrets, and what stops it.

Jul 4, 20267 min read
Incident Analysis

ctx and colourama PyPI typosquat malware incident

The ctx and colourama PyPI typosquatting malware incident shows how account takeover and name-squatting delivered credential-stealing code to devs.

Dec 29, 20257 min read
Open Source Security

npm postinstall script malware trends

npm postinstall script malware surged 61% in H1 2026. Here's how attackers weaponize lifecycle hooks — and how to detect and stop them.

Nov 30, 20257 min read
Open Source Security

Supply Chain Worming: Self-Propagating Malicious Packages...

How the Shai-Hulud npm worm self-propagated across 500+ packages in 48 hours by stealing tokens and republishing itself — and how to stop the next one.

Jul 31, 20257 min read
Software Supply Chain Security

Malware Analysis Techniques for Suspicious npm Packages

When an npm package looks suspicious, you need a systematic approach to determine if it is malicious. These analysis techniques separate noise from genuine threats.

May 15, 20236 min read
malware-analysis — Safeguard Blog