17 matches found
MAL-2026-3678 Malicious code in 8q (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a10addd46910ba157e59c0c301c15ea56de73adb23c4d3422520b67876cdc0e The package's declared main entry router.js is an IIFE that runs the moment an installer's code executes require'8q' or import '8q'. On load it...
Malicious code in 8oo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c949ba1ac1cd3a6c96d3f1fc8c32cdc64cb9474fa07dd6633ebf4f69073a495 The package's main entry index.js executes an IIFE at require time that loads 66o.js, which replaces the global console with a Proxy. Every intercept...
MAL-2026-3677 Malicious code in 8oo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c949ba1ac1cd3a6c96d3f1fc8c32cdc64cb9474fa07dd6633ebf4f69073a495 The package's main entry index.js executes an IIFE at require time that loads 66o.js, which replaces the global console with a Proxy. Every intercept...
Malicious code in 11j (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ad371791d84a3c28ca12b62bae45a07567847b7df025c93611f8f504a1c869 the analysis identified unambiguous malicious behavior in log.js the package main: an IIFE executes on require/import that monkey-patches...
MAL-2026-3670 Malicious code in 11j (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ad371791d84a3c28ca12b62bae45a07567847b7df025c93611f8f504a1c869 the analysis identified unambiguous malicious behavior in log.js the package main: an IIFE executes on require/import that monkey-patches...
Malicious code in modern-events (npm)
modern-events is a malicious npm package that when imported and using the function EventEmitter.emit... in file events.js exfiltrates local system information via telegram and slack and downloads a backdoor Win64/FaxedCook to C:/ProgramData/Policy/PublisherPolicy.tms. --- -= Per source details. D...
New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn…...
Malicious code in fastapi-middleware-cors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...
Malicious code in pathfiles (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a96d53709493a07432f8619b9ca322fef0fb4bf9080a02da7e8f6bc03353b3c0 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
Malicious code in smtrlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c1075f7c4373ccaac9936bfd75a22a27f0c9ba06a5402a68a45fe8121f58783 Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...
MAL-2025-192683 Malicious code in ai-cypher (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in ai-cypher (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primari...
Malicious code in ilovenyxx (PyPI)
The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...
Malicious code in ilovenyxxbait (PyPI)
The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...