4 matches found
Malicious code in fury_frontend-andes-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29bea4f118854efa6568545722d7210a76e06e64cad4036e0cc0b45c45aafe37 The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo, current working...
Malicious code in udn_extras (npm)
The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...
Malicious Package
Overview certtifi is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in init.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...
Malicious Package
Overview certifiee is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in init.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...