323 matches found
Malicious code in js-logger-pack (npm)
js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...
Malicious code in svchost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a56926028e7e253a1ffb3ba27d6514a5cbc6b23964d7e1094846a895dd322656 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...
MAL-2026-2628 Malicious code in svchost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a56926028e7e253a1ffb3ba27d6514a5cbc6b23964d7e1094846a895dd322656 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...
Malicious code in pckg-sv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2ae45d504dadccaa437ebeaa729136ca7b38074149772b076c7abb34ab1e81f4 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...
MAL-2026-2627 Malicious code in pckg-sv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2ae45d504dadccaa437ebeaa729136ca7b38074149772b076c7abb34ab1e81f4 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS malware‑as‑a‑service with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of...
Malicious code in http-request-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 13b29a753802db633ab987963543535999a246049761d4d29699b66edf207f13 During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...
MAL-2026-912 Malicious code in http-request-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 13b29a753802db633ab987963543535999a246049761d4d29699b66edf207f13 During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...
Malicious code in requests-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccf88804317b4caf9661eb94c320a521f7689c5cf26a8754ec219d268fc9c873 During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...
MAL-2026-903 Malicious code in requests-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccf88804317b4caf9661eb94c320a521f7689c5cf26a8754ec219d268fc9c873 During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...
EUVD-2018-10244
Malware in sbrugna...
EUVD-2025-31116
Malicious code in bioql PyPI...
EUVD-2025-31104
Malicious code in bioql PyPI...
CVE-2025-10542
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...
CVE-2025-10540
iMonitor EAM 9.6394 transmits client/server and monitor/server communications in plaintext with no authentication. An attacker on the network can intercept credentials, keylogger data, PII, and data in transit, and can tamper with traffic, including issuing arbitrary commands to client agents. Do...
PT-2025-39391
Name of the Vulnerable Software and Affected Versions iMonitor EAM version 9.6394 Description The software ships with default administrative credentials that are displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can...
Malicious code in panel-keylogger-sim (npm)
The package panel-keylogger-sim was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ddef5ca6a0aead05fafecfc9b6500798ffcd3d1e85048cd8c193233715be20e4 Any computer that has this package installed or running should be considered fully...
Malicious Package
Overview panel-keylogger-sim is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-42156 Malicious code in panel-keylogger-sim (npm)
The package panel-keylogger-sim was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ddef5ca6a0aead05fafecfc9b6500798ffcd3d1e85048cd8c193233715be20e4 Any computer that has this package installed or running should be considered fully...