Malicious code in axl-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fbc071f0ee6323c87fa6be049a9b151217f7146605ef89b4494f7ef07e7d534 [email protected] is a dependency-confusion squat targeting an internal package name. package.json declares a postinstall hook node beacon.js that fires...

Malicious code in mcp-server-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34dfb6dc382073bace8a4d413b28000ff42770d04b9f69a88906230e2d83260a Package squats the unscoped name mcp-server-fetch an MCP server name commonly invoked via npx mcp-server-fetch by AI coding agents and developer...

Malicious code in ac_semantic-ui_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...

Malicious code in savant-listing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7360e78a5c5d56ea9323cde1f41e33ce8cc6b625034ef82d067bbfeafee60461 [email protected] is a dependency-confusion squat. package.json declares both install and postinstall lifecycle scripts that run curl...

MAL-2026-2187 Malicious code in vision-service-python-client-internal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea39ef97e61556ba1ef289f438f9401ced47328bd49f096401ed4795792c8f7a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2184 Malicious code in auth0-ai-ms-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e341dbac5b5fcd3b5a882b5ee47e26051b72bacd4d552790c684174ba0e69ae Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

...

MAL-2024-12307 Malicious code in muxf (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 694c32190cb5df1b380a25e3c2235d032724d67bef75b932ed4f59101a5f0e7a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in pinloggertest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5f6beadd08c32e5fd2f899428285a58ab3d696ef0fc06d2eff10e2d8630fa9a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2024-12343 Malicious code in shinchina (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0a21b3328ab75bc0d00f300ad728fa27c3b3acc2396d7af90522856afe628aca Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in pyowler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9df2ac0489cd9816fc13f309f73773ae3fc26794b44dd4930ab92a367115899f Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

`if-cfg` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...