MAL-2026-5797 Malicious code in neurodrift (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b632fa784b6125daaba0e4a2b9e775bc4fec21c7d41127b887f9dfe6e873ce0 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

MAL-2026-5795 Malicious code in gptminifast (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 367066b272bcc8da7b253c53e1771b5aad257edef1e77ee29fc9a8c9ba73bf63 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

MAL-2026-5769 Malicious code in ezllmgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ad551d9ee9ad2f3c29daab0377c3e52289324e938e28a3b58d71c60e8e15e8 setup.py downloads the first line of https://pastebin.com/raw/yBcUM1QB via urllib and passes it directly to os.systemf'cmd /c "cmdpastebin"' during...

MAL-2026-5101 Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5088 Malicious code in crypto-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbb379240ef7e43770f6dab576919fa97bd23ffbb8d3e39b31fd656649335fd7 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-3563 Malicious code in @uipath/packager-tool-webapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-2421 Malicious code in @mgcrae/pino-pretty-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31dc9253706aebd955016075e321d19d7dfc9b231882d7b24a6c932fa3dfa80 The package @mgcrae/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2142 Malicious code in roboat-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 869ea4b94181bc5ef23562a4d749b462fb7079112cca74072ee9036fb397921f During installation, a malicious executable is downloaded and run. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2025-192996 Malicious code in @vietmoney/react-native-htmlview (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82606664e32d7050a729171d5dac24f54950e90b7259a7f90a582e94632fcc61 The package @vietmoney/react-native-htmlview was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192322 Malicious code in joyboyw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242 Contains a function to silently download malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-162226 Malicious code in nokire-akaza15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 843bd510d75c7ba653e026b99837d4a4059874654debd0ec979caa7d72b9010c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-191938 Malicious code in xwormclient (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a6c0b4ce2747e70d2e9f46f624188d4da6a70af3182e6e94b22de7446dc180c Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2025-29157 Malicious code in phone-scrape-dll (npm)

The package phone-scrape-dll was found to contain malicious code...

MAL-2025-19377 Malicious code in eldsjal (npm)

The package eldsjal was found to contain malicious code...

MAL-2025-16056 Malicious code in bplascom (npm)

The package bplascom was found to contain malicious code...

MAL-2025-24771 Malicious code in krdwrd (npm)

The package krdwrd was found to contain malicious code...

MAL-2025-20085 Malicious code in express-tld (npm)

The package express-tld was found to contain malicious code...

MAL-2025-13327 Malicious code in @zalastax/nolb-proj (npm)

The package @zalastax/nolb-proj was found to contain malicious code...

MAL-2025-23278 Malicious code in interferometry-hyperion-astrophysics-xml (npm)

The package interferometry-hyperion-astrophysics-xml was found to contain malicious code...

MAL-2025-13907 Malicious code in a-lbum-do-wnload-avai-lable-file-2015-35030-woman-oeh1w-xjgwws (npm)

The package a-lbum-do-wnload-avai-lable-file-2015-35030-woman-oeh1w-xjgwws was found to contain malicious code...