Lucene search
K

18 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in ts-bn-proto (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. ts-bn-proto embeds an infostealer payload directly in index.js with a base64-encoded C2 address data-stream.space, executed at install time via a postinstall hook. The payload harvests cryptocurrency wallet...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

MAL-2026-6694 Malicious code in thirdwebb (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwebb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in thirdwb (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.7 views

Malicious code in decimal-format-core (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. decimal-format-core uses a dropper technique: a postinstall hook executes scripts/install-check.cjs at install time, which fetches a second-stage infostealer payload from the C2 domain logstream-api.online...

6.6AI score
Exploits0References9
OSV
OSV
added 2026/06/07 10:42 a.m.14 views

MAL-2026-5292 Malicious code in bittensor-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...

5.7AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/07 10:34 a.m.18 views

Malicious code in clip-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ee6244e4630a085f305c933f50283a232dda9e0d8e0ba3bab2bb880e53a736d The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/30 8:21 p.m.11 views

Malicious code in databaseroboats (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSV
OSV
added 2026/03/24 8:30 p.m.9 views

MAL-2026-2143 Malicious code in roboated (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9f3bba9c27e61fbe6934c9d130ada39dd87f7b7c376fe33609be1ecbaf96e2 During installation, a malicious remote executable is downloaded and run --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/23 11:9 p.m.9 views

Malicious code in roboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b During installation, the code attempts to download and start malware. Connected with the campaign based on the time correlation and other packages published by...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/23 11:9 p.m.14 views

MAL-2026-2121 Malicious code in roboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b During installation, the code attempts to download and start malware. Connected with the campaign based on the time correlation and other packages published by...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/05 11:50 p.m.8 views

Malicious code in auto-backup-wsl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a2df4191bfbdaa28acd42677c912064639ef3b278179beee064cd83fb5b0e11e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

5.6AI score
Exploits0References10
OSV
OSV
added 2025/12/17 5:56 p.m.5 views

MAL-2025-192605 Malicious code in trondec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d4efad56ea7992fa8744736bf9f7b5e8eee6a521109819f7b841eb3f1ea91bbc Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.8AI score
Exploits0References2
OSV
OSV
added 2025/12/09 8:5 a.m.15 views

MAL-2025-192386 Malicious code in telcoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

7.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 6:30 p.m.6 views

Malicious code in jsonschemex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f678f82847db32c68ab5a95a827f755d13b5d4cd371667eb584f25ed28ed01 Malicious clone of a legitimate package with hidden code that downloads the next stage scripts. Analysed payloads had just exfiltrated basic infos --- Category...

7.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 3:2 p.m.3 views

Malicious code in terminalcolornew (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5a555882888b9895fbe7575cc6121cad44600e17fb64d7551cacc33b29f2ae9f If used, the code attempts to take a photo using the computer's camera and exfiltrates it --- Category: MALICIOUS - The campaign has clearly malicious intent,...

7.2AI score
Exploits0References1
OSV
OSV
added 2025/08/29 12:14 p.m.6 views

MAL-2025-191778 Malicious code in kraken123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc2f76a61af953726f4fc219f725013ce8b477860b47433b7fc0444994ffcfd5 As even described, the package contains a malicious code collecting large amount of data. The description suggests educational use, yet, the code can cause rea...

6.9AI score
Exploits0References1
Qualys Blog
Qualys Blog
added 2023/01/03 9:9 a.m.27 views

BitRAT Now Sharing Sensitive Bank Data as a Lure

Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...

0.6AI score
Exploits0
Rows per page
Query Builder