4 matches found
Malicious code in polymarket-trading-developer-tools (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...
Malicious code in restart-procyon-apollo-playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f42e3571477042a427ea800803cc8cce7743f22a2f72d8c43432ac8fd4a5c96c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in objective_takin_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e3cb3f8b7ac93d8bb46af55df293e3b6b42ae066caf5f990f0fbecc50d3a8e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dono-keraktelor34-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1716b30badaac2d53c803286164589f870dc15f8e021d4353e7cbf6db3bc887d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...