9 matches found
Windows Persistence Bits Job
This Metasploit module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots...
Malicious code in checkmarx.ast-results (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3205937565e6fad63cbece12a8463cd52f3e95c10ac99ab7e62a317e9c18717a This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...
MAL-2026-2231 Malicious code in checkmarx.ast-results (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3205937565e6fad63cbece12a8463cd52f3e95c10ac99ab7e62a317e9c18717a This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...
MAL-2025-193012 Malicious code in gridifies (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b003711060bdfd51eddae8b2ec6fc00313aee8bb480e9017b5ad5d03dbf567c Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious Package
Overview ansi-universal-ui is a malicious package. This package contains malicious code, and it has been removed from the official package manager. The package sets up a standalone Python runtime and downloads an obfuscated payload from an Appwrite storage bucket that, upon execution, performs an...
Malicious code in multithreadedexecution (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3248950b032e1381ddc79d43dfdba8fb6dccce4b1afafd5825e560d793b3bd09 Once run, package downloads and installs an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in github.com/shallowmulti/hypert (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...
Malicious code in byfron (npm)
The package contains code to download and execute an infostealer payload...
Malicious code in testinbro (npm)
The package contains code to download and execute an infostealer payload. --- -= Per source details. Do not edit below this line.=-...