MAL-2025-10230 Malicious code in @zalastax/nolb-_moq (npm)

The package @zalastax/nolb-moq was found to contain malicious code...

Moq v4.20.0-rc to 4.20.1 share hashed user data

Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...

GHSA-6R78-M64M-QWCF Moq v4.20.0-rc to 4.20.1 share hashed user data

Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...

PT-2023-32984 · Moq · Moq

Name of the Vulnerable Software and Affected Versions: Moq versions 4.20.0-rc through 4.20.1 Description: The issue concerns the inclusion of SponsorLink in certain versions of Moq, which runs an obfuscated DLL at build time. This DLL scans local git config data and shares the user's hashed email...

Undesired Behavior

Overview Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at buildtime. That executable spawns OS processes and performs network requests, including transferring a...

Malicious code in nuget.moq (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 994a79cf458055f0122c032a52d5f2b71ac70f96820cd54239224638df4da527 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...