264 matches found
GHSA-VCG5-9XW6-R56C Malicious Package in logsymbles
Version 2.2.0 of logsymbles contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoor...
Malicious Package in logsymbles
Version 2.2.0 of logsymbles contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoor...
GHSA-C6F3-3C98-2J2F Malicious Package in jquerz
Version 1.0.1 of jquerz contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoor...
Malicious Package in jquerz
Version 1.0.1 of jquerz contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoor...
GHSA-FQW7-8V6M-2F86 Malicious Package in hulp
All versions of hulp contain malicious code as a preinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and...
GHSA-2R8F-2665-3GXQ Malicious Package in froever
All versions of froever contain malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opened a backdoor...
Malicious Package in froever
All versions of froever contain malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opened a backdoor...
GHSA-8MMF-QP7J-2W24 Malicious Package in colour-string
Version 1.5.3 of colour-string contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and key...
GHSA-JP9G-5X75-CCP8 Malicious Package in colro-name
Version 9.0.0 of colro-name contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys...
Malicious Package in colro-name
Version 9.0.0 of colro-name contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys...
Malicious Package
m-backdoor is a malicious package. The package contains a preinstall script that originates from a remote server. The script potentially allows an attacker to execute arbitrary code on the victim's system...
Malicious Package
yoeman-generator is a malicious package. The package contains malicious code existing as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server,...
Malicious Package
log-symboles is a malicious package. The package contains malicious code exeisting as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server,...
Malicious Package
require-port is a malicious package. The package contains malicious code existing as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server,...
Malicious Package
8.9.4 is a malicious package. The package contains malicious code existing as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server...
Malicious Package
emberclibabe is a malicious package. The package contains malicious code existing as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server,...
Malicious Package
Overview Versions 1.0.2, 1.0.3, 1.0.4 and 1.0.5 of 8.9.4 contain malicious code as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise at the...
Malicious Package
Overview All versions of sdfjghlkfjdshlkjdhsfg contain malicious code. The package is essentially a worm that fetches all packages owned by the user, adds a script to self-replicate as a preinstall script and publishes a new version. Recommendation Remove the package from your environment and...
Exploit for Improper Input Validation in Apple Mac_Os_X
CVE-2019-8561 Proof of concept exploit for CVE-2019-8561 disc...
Malicious Package
Overview All versions of test-module-a contain malicious code as a preinstall script. The package fetches all names of npm packages owned by the user and attempts to add another maintainer to every package as a means of package hijacking, Recommendation Remove the package from your system. If you...