2 matches found
MAL-2026-6170 Malicious code in onesignal-hooks (npm)
The npm package onesignal-hooks published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
MAL-2026-6148 Malicious code in async-protobuf-av (npm)
The npm package async-protobuf-av published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...