Malicious Package

Overview All versions of sj-tw-abc contain malicious code. The package downloads and runs a script that opens a reverse shell in the system. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

Malicious Package

Overview Version 6.16.0 of emberclibabe contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens...

Malicious Package

Overview Version 2.0.2 of yoeman-generator contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and...

Malicious Package

Overview Version 2.1.0 of log-symboles contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens ...

Malicious Package

Overview All versions of tiar contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package

Overview All versions of river-mock contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on th...

Malicious Package

Overview All versions of qingting contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package

Overview All versions of node-buc contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package

Overview All versions of midway-xtpl contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on...

Malicious Package

Overview All versions of diamond-clien contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on...

Malicious Package

Overview Version 3.1.1 of yeoman-genrator contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and ope...

Malicious Package

Overview Version 10.4.0 of require-ports contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and open...

Malicious Package

Overview Version 1.5.3 of colour-string contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secret...

Malicious Package

Overview Version 9.0.0 of colro-name contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets a...

Malicious Package

Overview Version 1.8.4 of bowee contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and ke...

Emotet Trojan Detection

The script tries to detect the Emotet Trojan via various known Indicators of Compromise IOC. Note: This script is not running by default as it needs to crawl the target host for various files which puts high load on the target during the scan. Please enable it separately within scripts preference...

Malicious Package

Overview The npm-script-demo package is a piece of malware that opens a connection to a command and control server and executed the instructions it is given. It has been removed from the npm registry. Recommendation Any computer that has this package installed or running should be considered full...

Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain

A Russian computer hacker wanted by the FBI on hacking allegations was arrested and jailed in Spain earlier this week, while a decision on his extradition to the United States has yet to be made. The Guardia Civil, Spanish law enforcement agency officers, have detained 32-year-old Stanislav Lisov...

DailyMotion Still Serving FakeAV Malware Scam

More than three weeks after notifying video-sharing site DailyMotion that it was compromised, security company Invincea reports the popular website is still infected. A spokesperson told Threatpost that Invincea’s original notification was not acknowledged and the company suspects this is a...

Warning: "A new message from Skype Voicemail Service" spam leads to Zeus Malware

Skype has been targeted by cyber criminals again this week. Users are receiving a new Spam Email with subject "You received a new message from the Skype voice mail service.", that actually leads to Zeus Malware. Zeus is a Trojan horse that attempts to steal confidential information from the...