398 matches found
MAL-2025-191890 Malicious code in tensorflowlitex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c4b20463291f0bcc715ff6daffb6b2cc258096921b2aaf2a0b9bf96947b49b46 Importing the module init.py starts downloading and executing a remote exectuable, which has been identified by any.run and tria.ge as a malicious infostealer...
Malicious code in hyper-request (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6431cc277fd1d8f82ec5160b5943d5ee9ec08ca1a5c5ff9b1b45d67c233b1d2 The only functionality is to exfiltrated Roblox cookies. However, the current version does not contain the webhook url yet see reqhandler.py --- Category:...
MAL-2025-1745 Malicious code in browser-data-collector (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in browser-data-collector (npm)
--- -= Per source details. Do not edit below this line.=-...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
CVE-2024-4367-PoC This Proof of Concept PoC demonstrates the...
Malicious code in dcbotoffline3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 80a535a6580b99aa10e80e810002076c68ae79c44c9fb17caff1f59978ebaaa7 Starting the module runs an infostealer targeting browsers and Discord data --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in dcbot-online (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a2b2d82d9610b559f44aa1473f097c56b8f87a6297941604807a0ec56bf2abf4 Starting the module runs an infostealer targeting browsers and Discord data --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-191714 Malicious code in dcbot-online (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a2b2d82d9610b559f44aa1473f097c56b8f87a6297941604807a0ec56bf2abf4 Starting the module runs an infostealer targeting browsers and Discord data --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-191715 Malicious code in dcbotoffline3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 80a535a6580b99aa10e80e810002076c68ae79c44c9fb17caff1f59978ebaaa7 Starting the module runs an infostealer targeting browsers and Discord data --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Astra Linux – Vulnerability in Zabbix
When the WebDriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is only allocated during the curlwritecb operation when receiving data. If the server’s response is an empty document, then wd-data in the code below will remain NULL, and attempting ...
Malicious code in requests-async (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
MAL-2025-618 Malicious code in requests-async (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
Trend Micro Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
MAL-2025-47 Malicious code in walletcore-gen (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
MAL-2025-46 Malicious code in solanacore (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
Malicious code in requesr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
MAL-2024-12308 Malicious code in my-main-manager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282 While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. Th...
MAL-2024-12330 Malicious code in pycryptographylibv3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 961e4f12709e7f7b2cceaca041246d901647f258e22b2930e53a181dbe0c52ef Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2023-12-bananasqua...
Malicious code in pycryptographylibv3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 961e4f12709e7f7b2cceaca041246d901647f258e22b2930e53a181dbe0c52ef Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2023-12-bananasqua...