48 matches found
Malicious code in zod-pino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...
Malicious code in @0xlr/vercel-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fda046018b2c121cb96e157cadce6d8aee695beb7086008140da0a9c6eebc938 On npm install, postinstall.js enumerates every process.env variable including credentials such as AWS, NPMTOKEN, GITHUBTOKEN and other CI tokens and...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Malicious code in autotel-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bce8c001a8e85b493ccdd8af1e3e57f3578d1026e6d5d147374b0a68467313 autotel-devtools ships bundled CommonJS and ESM artifacts dist/cli.cjs, dist/cli.js, dist/index.cjs, dist/index.js, dist/server/index.cjs,...
Malicious code in autotel-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d23b9d854410e35b16a7058ed9bc6855b3bf548b1a3ccd79ba983de3b652e1 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in autotel-mcp-instrumentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d430094afb9dc367c9a2a0477eea7bba4074cf3eed9f6f2861a0e82f79706ee4 No concrete installer-harm signals were identified for this package version. No lifecycle hooks, network destinations, credential reads, or other...
MAL-2026-5247 Malicious code in eslint-plugin-executable-stories-jest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f57bad4c5897c34b725457a558ebfe9df86ff8092f5bfd36b1568d6dc5e84da8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5244 Malicious code in discord-search (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1588cbceb5959b1a1b9e22d2b54d3d67e6bac9c8be4538df23f809772e4a9850 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5214 Malicious code in autotel-aws (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e356eee42d8cb9a80967237c11de3358548389fe2e413f1bbc3fae630c7d28f8 No concrete installer-harm signals were identified in this package version. No lifecycle hooks fetching external code, no credential-path reads, no...
Malicious code in eslint-plugin-executable-stories-vitest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37cda64660196ba2834eebfa1c7c1debc8367bb89d9b953d1c01fa0c5b722e7a The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5204 Malicious code in @ethlete/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8f99e5213b116197421a47e5d43675c1772592479e5646e6683f28ca5e77873 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
MAL-2026-5238 Malicious code in awaitly-postgres (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3015c3afc4f26f62482274726cb1ce34f803abd4b7e84a6eb7e0c802e8c8b7df The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Malicious code in xmorse (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3182 Malicious code in redeem-onchain-sdk (npm)
redeem-onchain-sdk is a malicious npm package impersonating a Polymarket on-chain SDK. It collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and a month of git commit history, then ships everything over a raw TCP socket to an AWS-hosted C2. Two trigge...
MAL-2026-1410 Malicious code in ighack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...
Malicious Package
Overview vue-scoped-css is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The packa...