5 matches found
Malicious code in pear-wrk-wdk (npm)
The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
Malicious code in @diotoborg/aspernatur-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2db9352ce5aeccd44ca3b1ffcae6aca686f8859bb9797ca54c770a8fa6700815 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/quia-harum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36e96c5096009919782abeb8222b712a4cd7bc67592838577c9bdfb7fc4abd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 0supportscolor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c430a61fb64569c2e4ee9d61d852f0189d613b8a916487edce0ba29c2ac69e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in thesis-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8878bca276c410b3043886cc4e1292d4991c909a98078d879690ac7c2671a1ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...