10 matches found
Malicious code in ratelimitsucks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44ed99ce54c3f8b6fa4f1bfa207a593bbf0d441c9eeee7d29dbc991098f8e12f Package is not a library. main points at sw.js, a browser Service Worker that uses importScripts, self.addEventListener'fetch'|'install'|'activate',...
MAL-2026-6135 Malicious code in ratelimitsucks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44ed99ce54c3f8b6fa4f1bfa207a593bbf0d441c9eeee7d29dbc991098f8e12f Package is not a library. main points at sw.js, a browser Service Worker that uses importScripts, self.addEventListener'fetch'|'install'|'activate',...
MAL-2026-6129 Malicious code in abuden22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...
MAL-2026-5937 Malicious code in abuden21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4db5b16c4a10377beb73341758a26afed16a44d377dc03009601f610dd289b22 The tarball ships auto-publish.sh, which iterates a hardcoded list of 90 unrelated package names imillegal1..N, ishowfeet, nottuff, abuden,...
MAL-2026-5918 Malicious code in nottuff7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15a5e98054661d6eea29d8120457ffc7e00d7b516223a5fa6ec91355e9434652 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...
MAL-2026-5916 Malicious code in nottuff25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...
Fake system update drops Aurora stealer via Invalid Printer loader
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering. A threat...
WordPress sites backdoored with ad fraud plugin
WordPress is an immensely popular content management system CMS powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization SEO techniques to maximize their revenues. But some people will take a...
Adult popunder campaign used in mainstream ad fraud scheme
This blog post was authored by Jerome Segura Online advertising is a multi billion dollar industry with projected spending to reach over 600 billion U.S. dollars for 2022. It's not surprising that criminals are trying their hardest to abuse this ecosystem in any way that they can. One of the...