271 matches found
MAL-2024-8955 Malicious code in storj-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c29c7e82f958f9ed89af6fc324d687bfe4e15d4b2aa49fee39f5aeeb4eee5583 The OpenSSF Package Analysis project identified 'storj-docs' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-8262 Malicious code in @diotoborg/dolorum-iste-excepturi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4588a414515dad01e5dd23e9ea69cfbee630a53720788cb78d97ea24dda42083 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9271 Malicious code in lab-3-package-438d82fc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1647151de9ec3b78d6f3b3c4dc4bfe1f7b27f9c1ffdb56d482daa533fd2b1ec3 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2025-4239 Malicious code in rqeuets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 92b72b3d477812895ac9758fb085afd1bc8840f817d7bcc491b4b36c8215e79d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-7744 Malicious code in health-and-wellness-collab-macro-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 490467d98a5f3dcce3605ce769912fad8036917a2da1ab4065e039e6a970a34b The OpenSSF Package Analysis project identified 'health-and-wellness-collab-macro-deploy' @ 1.0.8 npm as malicious. It is considered malicious...
MAL-2024-7018 Malicious code in ruby-playing_cards (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5800 Malicious code in pythoncolouringaddsv2 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5794 Malicious code in pythoncoloringkitv2 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5752 Malicious code in pyobfusfile (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5641 Malicious code in pyaescrypter (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5109 Malicious code in effre4frferfrf (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in havas-worldwide (npm)
--- -= Per source details. Do not edit below this line.=-...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-detect XZ Utils Vulnerability Check and Downg...
MAL-2024-518 Malicious code in wlwz-2312-3806 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ff474dae03304b68f3a67e93f561b34c48b83209a916b41537ad5a1dec8ead8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-52 Malicious code in onetake (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 52bec93f09b5dc6085214609ef35d8aaf2346d6e50e6a12e5304e16aa3493ae2 The OpenSSF Package Analysis project identified 'onetake' @ 1.1.30 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8755 Malicious code in discord.js-selfbots-v13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2aa956daa50889570aeb8de98727c75ac62f6c332efabdcff3dbaab8e43e6aeb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8320 Malicious code in myaig-broker-portal-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fd67b15eabdced87c5fbe689d7e0c286991ac7bb879f2f2135f5f2538a4e549 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-331 Malicious code in fc-amount (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware deda6264abf52468856de6a91a887594ca7b427f7093f2486999d3323f096408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-5898 Malicious code in rawrequest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b9c75bf32c6679c49b3a17ee9ce320dfb26411c4fb2a7cf0fa4f06ceea5ae033 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-7405 Malicious code in tpproofgameed (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1ca3157b4b899b1298df45bf142c0698405a4baf8e49e5b55da7ddc495fc78f7 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...