8 matches found
Malicious code in velocityfix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...
Malicious code in prisma-client-python (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...
MAL-2026-2891 Malicious code in chai-as-init (npm)
chai-as-init is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c2e881b8bc0fe2121454 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in trgrip (npm)
trgrip is a malicious npm package that when imported downloads a C2 dropper from https://44.206.172.239:7443/direct/download/97900a0e-c691-483a-a988-97b76f205c0f and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-2894 Malicious code in chai-as-nobj (npm)
chai-as-nobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/5b357f718ab4ee355003 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
HTTP Fetch, Windows Upload/Execute, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/upexec/reversetcpallports msf payloadreversetcpallports show actions...
Malicious code in veilcord-tls (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron aed8328880d0c346cc1c0c9d51602617be4ea88a7a23878b68164484949555b2 This package decodes a payload and executes it whenever it is imported. It seems to be targeting veilcord package users. Its contents are almost...
Malicious code in testinbro (npm)
The package contains code to download and execute an infostealer payload. --- -= Per source details. Do not edit below this line.=-...