3 matches found
Malicious code in eth-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f051957ac6f91e8567df873978b45c0c81a170f94decbd735d329f312ff1bb On require, index.js schedules a 37-second delayed routine that reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd....
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...
Malicious code in remjsonparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...