Malicious code in tensorflowjs (npm)

Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...

Malicious code in is (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a1baf574e6278b3c20c30fdd7875414ed04c1a695eb226fd43328004c6916873 "is" had unauthorized new versions published that contained malicious obfuscated code via account compromise...

MAL-2025-6020 Malicious code in is (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a1baf574e6278b3c20c30fdd7875414ed04c1a695eb226fd43328004c6916873 "is" had unauthorized new versions published that contained malicious obfuscated code via account compromise...

MAL-2025-191771 Malicious code in jython-file (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fc56f6ba4b75b25d4289c3aa3cb1d05f9b1d7bbfacf00b11e270d76ba87a1a3e Package attempts to load in an obfuscated way a code from a file not included in the package as well as inject a dynamic library to the Python dynamic libs...

SharPyShell

SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C web applications that runs on .NET Framework = 2.0VB is not supported atm. Usage python3 SharPyShell.py genera...

MAL-2025-5829 Malicious code in node-mongoose-orm (npm)

The package employs typosquatting to impersonate a legitimate author and package, and it contains obfuscated code that exfiltrates sensitive user data and creates a backdoor for remote code execution, The core of the malicious activity is found in the package/lib/writer.js file. The lib/writer.js...

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and...

Malicious code in caixaequ2ahzoop (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da1d699d5d12de135ae0da4180622e30084a77fd76ee5cd36fe5667ce14c4bbe Obfuscated code gets a command from the remote target and executes it. At the time of the test, it was just "whoami". Thus, it's rather just an experiment ---...

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initia...

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github.com/truthfulpharm/prototransfor...

MAL-2025-191816 Malicious code in pretty-cli-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94cd11911ce2a0937d9e56087ce9487db18da5bb20df7f1f8948f8356d65c31d Contains an obfuscated code that will download and run a remote script. At the time of the analysis, the remote URLs were delivering empty results --- Category...

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate...

MAL-2025-191836 Malicious code in pyrovider (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55 On importing the module, package exfiltrates basic data like username. It's obfuscated with a lot of meaningless text and has no other purpose --- Category:...

Malicious code in sintok (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...

MAL-2025-191869 Malicious code in sintok (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...

MAL-2024-12185 Malicious code in dscss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron fb41535db040ebc6147f3cfe1bfc3f5638402e85fc889d78d6101814d6f4bc10 This package contains a highly obfuscated code and executes the code in a long hexadecimal string...

Malicious code in dscss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron fb41535db040ebc6147f3cfe1bfc3f5638402e85fc889d78d6101814d6f4bc10 This package contains a highly obfuscated code and executes the code in a long hexadecimal string...

MAL-2024-12342 Malicious code in rwoka (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601385385b682f6bdaa31c763e64c5fafb16f22df60acd266c9c7f23f73208ee The package contains highly obfuscated content, that install another, downloaded from a remote location obfuscated script in the installation path of the...

MAL-2024-12287 Malicious code in hmac2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1 The package contains obfuscated code that exfiltrate basic data, and then executes commands delivered from remote server --- Category: MALICIOUS - The campaign...

Malicious code in hmac2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1 The package contains obfuscated code that exfiltrate basic data, and then executes commands delivered from remote server --- Category: MALICIOUS - The campaign...