MAL-2026-5585 Malicious code in polymarket-clob-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a40eb434e89ad381733b42cb87bd88d0da0913520a210fd4f6da175e1a115f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview polymarket-clob-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in polymarket-clob-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a40eb434e89ad381733b42cb87bd88d0da0913520a210fd4f6da175e1a115f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...