188 matches found
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github.com/truthfulpharm/prototransfor...
MAL-2025-191816 Malicious code in pretty-cli-logger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 94cd11911ce2a0937d9e56087ce9487db18da5bb20df7f1f8948f8356d65c31d Contains an obfuscated code that will download and run a remote script. At the time of the analysis, the remote URLs were delivering empty results --- Category...
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate...
MAL-2025-191836 Malicious code in pyrovider (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55 On importing the module, package exfiltrates basic data like username. It's obfuscated with a lot of meaningless text and has no other purpose --- Category:...
MAL-2025-191869 Malicious code in sintok (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...
Malicious code in sintok (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...
MAL-2024-12185 Malicious code in dscss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron fb41535db040ebc6147f3cfe1bfc3f5638402e85fc889d78d6101814d6f4bc10 This package contains a highly obfuscated code and executes the code in a long hexadecimal string...
Malicious code in dscss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron fb41535db040ebc6147f3cfe1bfc3f5638402e85fc889d78d6101814d6f4bc10 This package contains a highly obfuscated code and executes the code in a long hexadecimal string...
MAL-2024-12342 Malicious code in rwoka (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content, that install another, downloaded from a remote location obfuscated script in the installation path of the...
MAL-2024-12287 Malicious code in hmac2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1 The package contains obfuscated code that exfiltrate basic data, and then executes commands delivered from remote server --- Category: MALICIOUS - The campaign...
Malicious code in hmac2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1 The package contains obfuscated code that exfiltrate basic data, and then executes commands delivered from remote server --- Category: MALICIOUS - The campaign...
Malicious code in cobo-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f1c1c4efd134e130c04178382ff3ea318301fb18b5eb6eed696c49cf64e9ad6 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
MAL-2024-12239 Malicious code in cobo-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f1c1c4efd134e130c04178382ff3ea318301fb18b5eb6eed696c49cf64e9ad6 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
Malicious code in cobo-custdoy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1bb6da528665b6d869e583cb594f1f0cc7e7ccaf8cc5a7a859c0db9e7fa80c19 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
Malicious code in esdjiw (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser --- -= Per source details. Do not edit below this line.=-...
Malicious code in hwieiur (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser...
MAL-2024-8730 Malicious code in ywoeuwe (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser...
MAL-2024-8728 Malicious code in hwieiur (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser...
MAL-2024-8727 Malicious code in esdjiw (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser --- -= Per source details. Do not edit below this line.=-...
Malicious code in ywoeuwe (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser...