BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware

BITTER APT spreads ProSpy and ToSpy via Signal, Google, and Zoom lures, targeting journalists through LinkedIn and iMessage spearphishing...

EUVD-2025-117508

Malicious code in bitter-black-koi npm...

Malicious code in bitter_turkey_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f47a15f41e45f960ffea6f4efffbf1f86a8feac488ddd60adf0a79fa69ea7633 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-125203 Malicious code in bitter_tarantula_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7242981c78170a184e3e8e53168053d8e34239670829d6181bdd7ae563cb3df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-92981

Malicious code in bitterdormousez3n npm...

EUVD-2025-74859

Malicious code in bittersilkwormazure-99 npm...

EUVD-2025-77684

Malicious code in bitterdamselflyz3n npm...

EUVD-2025-82640

Malicious code in bitterspoonbillz3n npm...

EUVD-2025-55672

Malicious code in bitter-apricot-baboon npm...

EUVD-2025-55673

Malicious code in bitter-apricot-anglerfish npm...

Malicious code in bitter-apricot-anglerfish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38874b1117a1b7bac191dd5f956e349f10f29dad68873cce1ad6ecfb9b476200 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-66976 Malicious code in bitter-apricot-anglerfish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38874b1117a1b7bac191dd5f956e349f10f29dad68873cce1ad6ecfb9b476200 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bitter-amaranth-goat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3475c1055d288b9120627a66324867afb18bcc2e5006888133c2ae625e842c58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-55675

Malicious code in bitter-amaranth-goat npm...

EUVD-2025-55674

Malicious code in bitter-amaranth-starfish npm...

Malicious code in bitter-amaranth-starfish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f685da90c788d49cc51fa687222e101b05dc039c5915454556f1deba7f221632 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-62107 Malicious code in bitter_roundworm_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9894f43c1d3f92ded51016727de09459d31554ff5dfd312380d12ce53f1a1e52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-50649

Malicious code in bittercoralz3n npm...

Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks

South Asian hacking group Bitter APT-Q-37 is deploying a C backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors...

Malicious code in typopro-web-TypoPRO-Bitter (npm)

The package typopro-web-TypoPRO-Bitter was found to contain malicious code...