MAL-2026-5795 Malicious code in gptminifast (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 367066b272bcc8da7b253c53e1771b5aad257edef1e77ee29fc9a8c9ba73bf63 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections...

MAL-2026-4197 Malicious code in pretty-logger-utils (npm)

pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart...

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling ..., while quietly functioning as...

MAL-2025-192659 Malicious code in hidden-powershell-runner-ax7 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5785c01837ec1727b89125cf1a3fec3ad941c4ff0b1246d8d16fec1dff53223a Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2025-191164 Malicious code in JScearcy.rust-doc-viewer (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1dbdd73bf66fbfde48d73e86ebfbb11ca8bb6f44ff57a5030596fc189f962ddf This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191165 Malicious code in kleinesfilmroellchen.serenity-dsl-syntaxhighlight (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 4cd24ae9caaea029653d9b9516f034a9ff19684891421dd3558c584f02076c8f This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191168 Malicious code in sissel.shopify-liquid (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8174c373fd818eb48388777436e30f84dcf0846593fcbddc3e73f898858a4317 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191160 Malicious code in ellacrity.recoil (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c10eec28bf8da96caa61583697ae4e44102b7a4f1b84e361e0f609be824a79c6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191167 Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a30acc5c978ef579bc01603521f705b16016df5a2e72e44e1c0f3222ff2e6068 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191166 Malicious code in l-igh-t.vscode-theme-seti-folder (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security dc07b5a9c4c6f86929db6d62c15f2c2a9c52912263950282c709e0b68387f54b This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191157 Malicious code in cline-ai-main.cline-ai-agent (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 04aeefbf39e1e9157280b91899a141e4f4c6619d434c594e4a2d3bf43883dbe6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-49098 Malicious code in @dealmgmt/grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3f1e7bb02af2f24d6a057db349128269908eb7e771722c7cf8aa637d3974058a This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

Malicious code in dynamic-import-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-49100 Malicious code in dynamic-import-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-49099 Malicious code in @raux/ra-react-big-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

MAL-2025-48970 Malicious code in @msdyn365-commerce-marketplace/address-extensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528dbe993a884d4b4a7005f6f60fb635ad06a01ee31e8cf08c6435b8cfc1277b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49015 Malicious code in jira-ticket-todo-comment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37f93f4caecf2a8d9f056f2b72cb51b1905579bf89bf8c1e994e68028c24d2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49028 Malicious code in only-warn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf31c0df9e000c5a762fa04ecbaf0f9dd09103bcf544ca0aaebd43193b096a5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...