A dangerous new trend in open source software (OSS) attacks is emerging: one that doesn’t just infect the software you install, but poisons the trusted apps already on your system.
Security researchers at ReversingLabs recently uncovered three malicious OSS packages that don’t follow the usual playbook of embedding malware into new code. Instead, they apply Trojanized patches to legitimate software already installed on victims’ devices, a tactic that’s stealthier, more persistent, and potentially more damaging than traditional open source poisoning.
From OSS Package to Patch: A Stealthy New Attack Vector
For years, attackers have tried sneaking malware into OSS packages, hoping that unsuspecting developers or users would install them. But those efforts are often short-lived, with security teams and open source communities quickly identifying and removing suspicious packages before they do much harm.
Now, threat actors are evolving.
According to ReversingLabs, one recent example was a malicious npm package named “pdf-to-office.” Published by a new account, it was downloaded about 200 times before being taken down. That is not an unusually high number, but the package’s novel approach was enough to raise concern.
Marketed as a productivity tool to convert PDF files into Microsoft Office formats, the package did nothing of the sort. Instead, it executed an obfuscated JavaScript file named “pdftodoc”, which scanned the victim’s machine for two popular cryptocurrency wallets: Atomic and Exodus.
Once detected, the malware replaced a legitimate component in those wallet apps with a Trojanized copy. The altered file retained the same functionality as the original, with one critical exception: it silently rerouted outgoing cryptocurrency transactions to a wallet controlled by the attacker.
Why This Approach Works So Well
This malicious patching method is particularly insidious. The targeted file in Atomic Wallet varies across different versions, but the malware was designed to detect those variations and adapt. That means even updated wallet apps weren’t safe.
Even worse, once the patch is applied, it survives long after the malicious package is removed. Users who delete the fake “pdf-to-office” app won’t stop the threat — their wallet remains compromised unless they completely uninstall and reinstall it from scratch.
As ReversingLabs explains, users rarely suspect software they already trust, giving attackers a longer window of exploitation. It’s a significant shift from the short-lived attacks that typically plague OSS repositories.
OSS Malware Is Not an Isolated Case
“Pdf-to-office” isn’t the only package discovered using this method. In March, ReversingLabs also identified two others — “ethers-providerz” and “ethers-provider2” — that patched the popular Ethereum development library “ethers.” Instead of stealing cryptocurrency, these packages inserted malicious code that created a reverse shell, granting attackers remote access to the infected machine.
Interestingly, researchers believe these campaigns were carried out by different threat actors, as the coding techniques and packaging varied significantly.
“This does look like a growing trend,” said Lucija Valentic, software threat researcher at ReversingLabs. “Usually, people don’t inspect software they already trust. That makes these kinds of attacks extremely effective and difficult to detect.”
What Developers and Users Should Watch Out For
Valentic offers a simple but urgent reminder: stay vigilant with any open source package. Developers should:
- Avoid rarely used or suspiciously large packages with a short version history
- Always inspect what the package does before integrating it
- Rely on trusted, community-vetted tools when possible
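One concrete way to "inspect what the package does before integrating it" is to read its manifest for lifecycle hooks, since `preinstall`, `install`, `postinstall` and `prepare` scripts run automatically on `npm install`. The function below is an added example, not ReversingLabs' tooling: it parses a package.json, lists the install-time hooks, and flags commands that download or execute code at install time. The sample manifest, its package name and its `setup.js` file are constructed for the illustration, not taken from the packages discussed above.

```javascript
// Added example, not ReversingLabs' tooling. Pre-install review of a package's
// manifest: list the lifecycle hooks that would run code on `npm install` and
// flag commands that fetch or evaluate code. The sample manifest is constructed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Command fragments that deserve a closer look when they appear in an install hook.
// They are review triggers, not proof of malice: many legitimate packages run
// node in postinstall, so the reviewer still reads the script they point at.
const SUSPICIOUS_FRAGMENTS = [
  { pattern: /\b(curl|wget|Invoke-WebRequest|iwr)\b/i, reason: 'downloads content at install time' },
  { pattern: /\b(node|sh|bash|powershell)\b/i, reason: 'executes a script at install time' },
  { pattern: /\beval\b|new Function\(/i, reason: 'evaluates dynamically built code' },
];

// Parse a package.json string and report what would run during installation.
function inspectPackageManifest(manifestText) {
  const pkg = JSON.parse(manifestText);
  const scripts = pkg.scripts || {};
  const hooks = [];
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    const command = scripts[hook];
    const reasons = SUSPICIOUS_FRAGMENTS.filter((f) => f.pattern.test(command)).map((f) => f.reason);
    hooks.push({ hook, command, reasons });
  }
  return {
    name: pkg.name,
    version: pkg.version,
    installHooks: hooks,
    runsCodeAtInstall: hooks.length > 0,
    needsReview: hooks.some((h) => h.reasons.length > 0),
  };
}

// Constructed sample in the style of a "converter" package that carries a
// postinstall hook. The package name and setup.js are hypothetical.
const SAMPLE_MANIFEST = JSON.stringify({
  name: 'example-pdf-converter',
  version: '1.0.0',
  description: 'Convert PDF files to Office formats',
  main: 'index.js',
  scripts: { postinstall: 'node setup.js', test: 'echo ok' },
});

// Human-readable summary for a reviewer.
function formatReport(report) {
  const lines = [`${report.name}@${report.version}: ${report.runsCodeAtInstall ? 'runs code at install' : 'no install hooks'}`];
  for (const h of report.installHooks) {
    lines.push(`  ${h.hook}: ${h.command}${h.reasons.length ? '  <- ' + h.reasons.join('; ') : ''}`);
  }
  return lines.join('\n');
}

console.log(formatReport(inspectPackageManifest(SAMPLE_MANIFEST)));
```

To read the manifest without letting any hook run, `npm pack <name>` fetches the tarball alone, and `npm install --ignore-scripts` installs without executing lifecycle scripts; `npm view <name> time` lists the publish dates, which makes the "new account, single recent version" profile of the packages above easy to spot before anything is installed.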
With software supply chain attacks on the rise, this new form of “Trojan patching” could become a favorite technique for attackers — especially those targeting crypto wallets, financial apps, and developer tools.
As OSS continues to power critical infrastructure and commercial platforms, the security community will need to adapt just as quickly as the threat actors do.