35 matches found
Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
MAL-2026-5841 Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
MAL-2026-5799 Malicious code in boardflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9d5c1524281430272215f48a90b957cf08f76dcb9954cb73945421dff358eb2 package.json declares preinstall: node install.js, which fires automatically on npm install. install.js is heavily obfuscated obfuscator.io...
Malicious code in fastgptmini (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt an anonymous, throwaway file-sharing host during pip install,...
MAL-2026-5295 Malicious code in coolbox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...
MAL-2026-5046 Malicious code in @t-in-one/send_add_application (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
Malicious code in @t-in-one/add_application_tid (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
Malicious code in @t-in-one/restore_application_hid_from_storage (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-5034 Malicious code in @t-in-one/add_application (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
Malicious code in @t-in-one/prefill_credit_data_token (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
Malicious code in @t-in-one/get_application_hid (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-4153 Malicious code in size-sensor (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4028 Malicious code in @antv/infographic (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/f6-element (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/x6 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/f6-plugin (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3986 Malicious code in @antv/g6-editor (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3848 Malicious code in @antv/a8 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3917 Malicious code in @antv/g-device-api (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview mbt is a that triggers an 11.6 MB heavily obfuscated script execution.js during package installation. Once executed on a developer's machine, the malware steals the developer's credentials and weaponizes them to automatically create public GitHub repositories under the victim's account...