4 matches found
Malicious code in polymarket-clob-maths (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...
MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...
Malicious code in @polymarket-developers/clob-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 345ca83f0d4f9589714459a50b08e9f733a7d56bbb131b029748ad244a2d447b The package @polymarket-developers/clob-client was found to contain malicious code...
MAL-2026-1635 Malicious code in @polymarket-developers/clob-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 345ca83f0d4f9589714459a50b08e9f733a7d56bbb131b029748ad244a2d447b The package @polymarket-developers/clob-client was found to contain malicious code...