Lucene search
K

108 matches found

OSV
OSV
added 2026/05/13 8:21 p.m.6 views

MAL-2026-3710 Malicious code in ethers-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:1 p.m.9 views

Malicious code in ethers-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 098acd1dccfed8bcaea9f56206745eef7c9e4cd368599ba23f762a84c86bbc14 The package's package.json declares a postinstall script that base64-decodes a hidden URL http://8.217.75.147:3000/payload and pipes the HTTP respons...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:1 p.m.5 views

MAL-2026-3708 Malicious code in ethers-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 098acd1dccfed8bcaea9f56206745eef7c9e4cd368599ba23f762a84c86bbc14 The package's package.json declares a postinstall script that base64-decodes a hidden URL http://8.217.75.147:3000/payload and pipes the HTTP respons...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 11:58 a.m.11 views

Malicious code in ethers-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b953533124edcc31e4293ed6bffe010e9110d795f812ba432de8b81d4d558 package.json declares a postinstall hook that base64-decodes the URL http://8.217.75.147:3000/payload, fetches it via curl over plain HTTP, and pipes...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/13 11:58 a.m.8 views

MAL-2026-3707 Malicious code in ethers-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b953533124edcc31e4293ed6bffe010e9110d795f812ba432de8b81d4d558 package.json declares a postinstall hook that base64-decodes the URL http://8.217.75.147:3000/payload, fetches it via curl over plain HTTP, and pipes...

5.9AI score
Exploits0References1
RustSec
RustSec
added 2026/03/14 12:0 p.m.14 views

`tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/14 12:0 p.m.5 views

RUSTSEC-2026-0040 `tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/05 9:21 p.m.8 views

Malicious code in ethers-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 315365a10d9e3322792c18bdb8c5a8e620bbcc2a9ad8d5a1d5ef139ef6e47777 The package ethers-lint was found to contain malicious code. Source: ossf-package-analysis...

5.4AI score
Exploits0
OSV
OSV
added 2026/02/05 9:21 p.m.5 views

MAL-2026-773 Malicious code in ethers-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 315365a10d9e3322792c18bdb8c5a8e620bbcc2a9ad8d5a1d5ef139ef6e47777 The package ethers-lint was found to contain malicious code. Source: ossf-package-analysis...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/20 4:57 p.m.6 views

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control C2 server, Kaspersky researcher Lisandro Ubiedo said in an...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/02 7:58 p.m.4 views

Malicious code in ethers-5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8842d229aa4e9c24c85ce8a9be99c6690dbf62bef2bdf2ef716865c8a44adda3 The package ethers-5 was found to contain malicious code. Source: ossf-package-analysis...

7.2AI score
Exploits0
OSV
OSV
added 2025/11/02 7:58 p.m.4 views

MAL-2025-49312 Malicious code in ethers-5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8842d229aa4e9c24c85ce8a9be99c6690dbf62bef2bdf2ef716865c8a44adda3 The package ethers-5 was found to contain malicious code. Source: ossf-package-analysis...

7.2AI score
Exploits0
EUVD
EUVD
added 2025/10/09 10:40 p.m.2 views

EUVD-2025-33654

Malicious code in web3j-io-ethers npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/09 10:40 p.m.4 views

Malicious code in web3j-io-ethers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware adbbd3bde158787db574505a858f13ea34575b68e5b097210afebd82fd57aa73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2025/10/09 10:40 p.m.4 views

EUVD-2025-33655

Malicious code in web3-io-ethers npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/09 10:40 p.m.4 views

Malicious code in web3-io-ethers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd381fcab62a4bb995de676e8d28ac7ce56d03bbe312d71965ff538360604c25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/10/09 10:40 p.m.2 views

MAL-2025-48240 Malicious code in web3j-io-ethers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware adbbd3bde158787db574505a858f13ea34575b68e5b097210afebd82fd57aa73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/10/09 10:40 p.m.3 views

MAL-2025-48239 Malicious code in web3-io-ethers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd381fcab62a4bb995de676e8d28ac7ce56d03bbe312d71965ff538360604c25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/11 4:37 a.m.4 views

Malicious code in @flashbotts/ethers-provider-bundle (npm)

The package @flashbotts/ethers-provider-bundle was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88980ba81c782cffc6fd3ec8404e5c34d79fe5ae04b08f979135e503c9b01c4f Any computer that has this package installed or running should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/09/11 4:37 a.m.1 views

Malicious Package

Overview sdk-ethers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder