42 matches found
Malicious Package
Overview @cloudplatform-single-spa/installations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
Malicious Package
Overview @cloudplatform-single-spa/svp-managed-kubernetes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious code in @cloudplatform-single-spa/agreements (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4866 Malicious code in @car-loans/deal (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
MAL-2026-4717 Malicious code in weavedb-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...
MAL-2026-4599 Malicious code in license-checker-plus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ac93280c5fc72f65d15486a69369e4d2c2b289fa6f062a6643b63137fc6aa9 Package name mimics the widely-used license-checker while shipping an undocumented lib/compliance.js module that harvests credentials. The module sca...
MAL-2026-3764 Malicious code in glob-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 091b8ee02b80a8a3fda11c15a6d0b8f657b639100244a4398d046ded5854eb64 glob-helper is a malicious typosquat with no legitimate functionality. Its index.js is a stub; package.json declares scripts.postinstall: node...
Malicious code in dotenvv-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...
MAL-2026-3758 Malicious code in dotenvv-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...
Malicious code in graphicsctxr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10408decaf8cace14b8124fa392ee96996c3c91358cb454cbfcd45790d18cdf9 Package contains code to exfiltrate .env to a remote target. Prior to version 2.1.1, it also created a persistent backdoor via embedding a hardcoded SSH key...
MAL-2026-3210 Malicious code in graphicsctxr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10408decaf8cace14b8124fa392ee96996c3c91358cb454cbfcd45790d18cdf9 Package contains code to exfiltrate .env to a remote target. Prior to version 2.1.1, it also created a persistent backdoor via embedding a hardcoded SSH key...
Malicious code in corexloader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 02fc84ddadc717cbd2dc073832c3c9e438f82d2671927fa79be959fea7031304 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...
Malicious code in stats-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0325e0cf1dadfad7387e0814c62942c6d4d80373ce116234fcf4f5450d434570 During importing, the package exfiltrates sensitive crypt-related environment variables to a remote location --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-2139 Malicious code in stats-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0325e0cf1dadfad7387e0814c62942c6d4d80373ce116234fcf4f5450d434570 During importing, the package exfiltrates sensitive crypt-related environment variables to a remote location --- Category: MALICIOUS - The campaign has clearly...
Malicious code in do-not-install-this-package-004 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 155862095ddb7d3410298aef76abdda3e7eeaf5609b72f97c30790c317b8d1cb During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
MAL-2025-192438 Malicious code in synium (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 85fc917c33d970cb3365ff112f788b229638b757c32eaf99ba1054c8596298c1 During import, package exfiltrates specific global variables to a remote target in a way typical for infostealers --- Category: MALICIOUS - The campaign has...
Malicious code in synium (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 85fc917c33d970cb3365ff112f788b229638b757c32eaf99ba1054c8596298c1 During import, package exfiltrates specific global variables to a remote target in a way typical for infostealers --- Category: MALICIOUS - The campaign has...
MAL-2025-191972 Malicious code in hellospa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 276fd70d8b56465c07e6a06281b93ef014fcab93ce00be738e645501713dbdda Package exfiltrates credentials, env variables and other sensitive data on running. Notably, exfiltrated cloud credentials were immediately checked from a remo...
EUVD-2023-34415
Malicious code in bioql PyPI...
Malicious code in zscaner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ee09d48ac6f9e7d0460c2a2bc7c9aaae013ce04ac342eb164683b214616e56d1 Campaign is split into multiple packages that together exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...