14 matches found
MAL-2026-10591 Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
MAL-2026-10572 Malicious code in eth-wallet-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517d465272a3a1d252e83e178bb263a1ccf600b42fed6d5aa1d110b9141fc77a On require of index.js, a delayed IIFE reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd.js mode 0o700, and spawns...
Malicious code in nrwl.angular-console (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
MAL-2026-5162 Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
MAL-2026-4345 Malicious code in eo-terminal (npm)
Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...
📄 Mac OS X Persistent Payload Installer
This Metasploit module provides a persistent boot payload by creating a launch item, which can be a LaunchAgent or a LaunchDaemon. LaunchAgents run with user level permissions and are triggered upon login by a plist entry in /Library/LaunchAgents. LaunchDaemons run with elevated privileges, and a...
Mac OS X Persistent Payload Installer
This module provides a persistent boot payload by creating a launch item, which can be a LaunchAgent or a LaunchDaemon. LaunchAgents run with user level permissions and are triggered upon login by a plist entry in /Library/LaunchAgents. LaunchDaemons run with elevated privilleges, and are launche...
CVE-2025-4412
CVE-2025-4412 concerns macOS: an attacker can use a Launch Agent to load viscosity_openvpn from the Viscosity app bundle and induce a dynamic library load under Viscosity’s TCC identity. This grants limited resource access without entitlements (e.g., not granting camera/mic); access to other reso...
Sparklabs Viscosity 安全漏洞
Sparklabs Viscosity is an OpenVPN client from Sparklabs Australia. A security vulnerability exists in SparkLabs Viscosity versions prior to 1.11.5, which stems from the possibility of exploiting the Launch Agent to load dynamic libraries to gain limited access to resources...
New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg,"...
A New Ransomware Targeting Apple macOS Users Through Pirated Apps
Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed "EvilQuest" — is...
New Mac cryptominer has 23 older variants
On February 1, a new Mac cryptominer was discovered being distributed via a hack of the MacUpdate website. Since then, we've been doing some digging and found that this isolated incident was just the tip of the iceberg. The malware delivered by the MacUpdate hack appears to be the culmination of...
Writing OS X Malware at Black Hat 2015
Patrick Wardle has one word for today’s generation of Mac OS X malware: lame. Sure there are advanced samples out there developed by nation-state sponsored groups or exploit vendors such as Hacking Team, but for the most part, Wardle says, we’re still talking about malware that are standalone...