76 matches found
MAL-2026-2271 Malicious code in metamask-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious Package
Overview metamask-extension-generate-attributions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords...
EUVD-2025-198874
Malicious code in @ensdomains/cypress-metamask npm...
Malicious code in @ensdomains/cypress-metamask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19427e64315a085f7001dff6a896730aa4cce33cf679f6a2da0a8bc61e96fb58 The package @ensdomains/cypress-metamask was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190803 Malicious code in @ensdomains/cypress-metamask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19427e64315a085f7001dff6a896730aa4cce33cf679f6a2da0a8bc61e96fb58 The package @ensdomains/cypress-metamask was found to contain malicious code. Source: ghsa-malware...
Supply Chain Attack
@metamask/sdk, @metamask/sdk-communication-layer, and @metamask/sdk-react are vulnerable to Supply Chain Attack. The vulnerability is due to a compromised debug package that injected malicious code, allowing attackers to intercept or tamper with dApp-to-wallet communications...
Malicious Package
Overview metamask-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-29252
Malicious code in bioql PyPI...
EUVD-2022-36035
Malicious code in bioql PyPI...
CVE-2025-59330 [email protected] contains malware after npm account takeover
error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
GHSA-QJ3P-XC97-XW74 MetaMask SDK indirectly exposed via malicious [email protected] dependency
Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...
MetaMask SDK indirectly exposed via malicious [email protected] dependency
Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication NFC relay attacks to a sophisticated remote access trojan with Automated Transfer System ATS capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automat...
Malicious code in metamask-api (npm)
The package metamask-api was found to contain malicious code...
MAL-2025-42024 Malicious code in metamask-api (npm)
The package metamask-api was found to contain malicious code...
Scavenger Trojan Targets Crypto Wallets via Game Mods and Browser Flaws
New Scavenger Trojan steals crypto wallet data using fake game mods and browser flaws, targeting MetaMask, Exodus, Bitwarden, and other popular apps...
Malicious code in @md_nafeed/synpress-metamask (npm)
The package communicates with a domain associated with malicious activity...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
Malicious code in metamask-sdk-e2e (npm)
--- -= Per source details. Do not edit below this line.=-...