Malicious code in @cloudsop/hmoment (npm)

Malicious package due to suspicious install script attempting to require the current directory and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad95ef51ef99f49ca08b99a81d6a18ecb75dafb1dad2afc2bca687f221ef95dc The package...

Malicious code in @ceeferenderer/fe-renderer-sdk (npm)

Multiple evidences suggest malicious intent: code obfuscation, dynamic code execution, process access, install script, and suspicious email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feee20bafab758bb648bbe425a100a13e6d21799552a2b5566fe6029faef6ce4 Package...

MAL-2026-2406 Malicious code in @ceeferenderer/fe-renderer-sdk (npm)

Multiple evidences suggest malicious intent: code obfuscation, dynamic code execution, process access, install script, and suspicious email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feee20bafab758bb648bbe425a100a13e6d21799552a2b5566fe6029faef6ce4 Package...

Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

MAL-2026-2413 Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

Malicious code in mgrcfg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb9b6975940ff31a6a0f6361fd93d8d361a3687103c94c011a6fdf510a2fdec The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...

Malicious code in rowrapee (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 398cfbdac2d3602a5c9836408942993c3f2bbcda911184825f01cf9937fb035e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

MAL-2026-2121 Malicious code in roboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b During installation, the code attempts to download and start malware. Connected with the campaign based on the time correlation and other packages published by...

Malicious Package

Overview react-performance-suite is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-2118 Malicious code in hash-utils-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4177b7c46ecbfa35116b35a2a491107d0514cd6551a447b7213ef6e097172939 During importing the module, the code attempts to exfiltrate sensitive Telegram's client session files. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-2112 Malicious code in apply-hive-table (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

Malicious code in tailwind-font-inter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2cb39a969b06dada95f847c6d5fc21fd0cb38a37c6b38a6b60ef1ca439f2147 The package tailwind-font-inter was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-tailwindcss-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5602af4bd6e54460627a64eb9632c4f1ec0e8604d523b76c272346a2f599cb99 The package react-tailwindcss-style was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2111 Malicious code in tailwind-font-inter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2cb39a969b06dada95f847c6d5fc21fd0cb38a37c6b38a6b60ef1ca439f2147 The package tailwind-font-inter was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2110 Malicious code in react-tailwindcss-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5602af4bd6e54460627a64eb9632c4f1ec0e8604d523b76c272346a2f599cb99 The package react-tailwindcss-style was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2109 Malicious code in pyregions-snowflake (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

MAL-2026-2107 Malicious code in financial-crimes-general-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

Malicious code in in-app-marketing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d475c46e8eda7ca153485336dce8c0b7d3bf8e3ea31a871232bc815438bc140c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in shakti-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pulse-scroll-triggered-list-items (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5917623184677210f5a42bead660945379d7a3c1cabf055e011a2794a233d517 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...