2 matches found
MAL-2026-5347 Malicious code in moustick (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deae034e46d94eafe1db97a6a57a664400f03caa48af8f775f6064c361c6bb9a Package impersonates the popular cookie-signature library — it copies the description, README, author TJ Holowaychuk, and repository URL of...
Malicious Package
Overview moustick is a malicious package. This package contains malicious code that fetches and eval a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ on require in moustick/index.js. The payload is designed to extract RELAYERPRIVATEKEY and JWTSECRET from the victim...