721 matches found
MAL-2026-3179 Malicious code in mbt (npm)
Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...
MAL-2026-3176 Malicious code in @cap-js/db-service (npm)
Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...
MAL-2026-3178 Malicious code in @cap-js/sqlite (npm)
Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...
MAL-2026-3158 Malicious code in apple-internal-pki-trust (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
MAL-2026-3153 Malicious code in apple-infra-final-escape (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
Malicious code in pie-docs (npm)
This package steals IP address and sent it to C&C server in preinstall hook...
Malicious code in harthat-api (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
Malicious code in harthat-hash (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
Malicious code in call-blockflow (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
MAL-2024-8842 Malicious code in call-blockflow (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
MAL-2024-8843 Malicious code in harthat-api (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
Malicious code in ndoe-fethc (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=-...
Malicious code in safebs58.js (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=-...
Malicious code in nodebs58 (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06acfd91a86ac73f0160fab5b4c198882f9f8dac8617c79b28f62ae487cbcf66 Any computer that has this package installe...
Malicious code in layout-utils.js (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality...
MAL-2024-7886 Malicious code in safebs58.js (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=-...
MAL-2024-7885 Malicious code in nodebs58 (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06acfd91a86ac73f0160fab5b4c198882f9f8dac8617c79b28f62ae487cbcf66 Any computer that has this package installe...
MAL-2024-7884 Malicious code in ndoe-fethc (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=-...
MAL-2024-7883 Malicious code in layout-utils.js (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality...
Malicious code in harthat-chain (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...