Malicious code in rendezvous-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

Malicious code in pyregions-snowflake (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

Malicious code in reqpack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b2e7d451cecf418103df6ecbe4625c5b08cc561e843e00f4ec37efde665c320 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...

MAL-2026-2113 Malicious code in gcpipwrap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 af8d2f3dec668a16adf691aa26e16be82e62c2cdf993da1f4ff4afaceac30e92 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...

Malicious code in nspack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...

MAL-2026-1225 Malicious code in urllib-slim (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

Malicious code in aog-checker (npm)

Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...

Malicious code in ethweb-set (npm)

This package exfiltrates cryptocurrency wallet files to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7af171b00090d3b3bfefae279da101b5da3a93390bc9f2cce869bdbc8685cbf Any computer that has this package installed or running should be...