18 matches found
Malicious code in exodus-checkout-signer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 921c5ef246587db452bdb65aae12321f4de868e7882f9550f9b9e32300ae792c exodus-checkout-signer is the unscoped name of the scoped package @exodus/checkout-signer and self-describes in README and package.json as a...
Malicious code in grateful-checkout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...
MAL-2026-5436 Malicious code in checkout-signer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...
Malicious code in checkout-signer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...
Malicious code in exodus-wallet-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...
MAL-2026-5443 Malicious code in exodus-wallet-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...
Malicious code in exodus-solana-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecffe98bff5e1c4655631cf8f92b1b1ccb534e0eeaa7043fab0d5fa1fbfabc35 Package name impersonates the Exodus cryptocurrency wallet brand exodus-solana-sdk. package.json declares a postinstall hook node src/canary.js that...
Malicious code in exodus-ethereum-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e52a42f8980da0a9df361ef772ca31bbdaec85eb3fc7a73dbcfc8b5ca6894a Package name impersonates the Exodus cryptocurrency wallet brand and ships no real functionality src/index.js exports an empty object; package.json...
Malicious code in exodus-secure-container (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...
CamPhish - Grab Cam Shots From Target'S Phone Front Camera Or PC Webcam Just Sending A Link.
Grab cam shots from target's phone front camera or PC webcam just sending a link. What is CamPhish? CamPhish is techniques to take cam shots of target's phone fornt camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will...
Sish - HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH
An open source serveo/ngrok alternative. Deploy Builds are made automatically for each commit to the repo and are pushed to Dockerhub. Builds are tagged using a commit sha, branch name, tag, latest if released on main. You can find a list here. Each release builds separate sish binaries that can ...
SAyHello - Capturing Audio (.Wav) From Target Using A Link
Capturing audio .wav from target using a link How it works? After the user grants microphone permissions, a website redirect button of your choice is released to distract the target while small audio files about 4 seconds in wav format are sent to the attacker. It uses Recorderjs, plugin for...
Locator - Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)
Geolocator, Ip Tracker, Device Info by URL Serveo and Ngrok. It uses tinyurl to obfuscate the Serveo link. Legal disclaimer: Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws...
Saycheese - Grab Target'S Webcam Shots By Link
Take webcam shots from target just sending a malicious link. How it works? The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia. The MediaDevices.getUserMedia method prompts the user for...
Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog .Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a li...
HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)
Modern Phishing Tool With Advanced Functionality PHISHING | KEYLOGGER | INFORMATIONCOLLECTOR | ALLINONETOOL | SOCIALENGINEERING DEVELOPERS & CONTRIBUTORS 1. ANONUD4Y https://github.com/An0nUD4Y 2. USAMA ABDUL SATTAR https://github.com/usama7628674 3. sTiKyt https://github.com/sTiKyt 4. UNDEADSEC...
Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)
Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest. This script uses some webpages generated bySocialFish Tool...
GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
Python script to generate obfuscated .vbs script that delivers payload with persistence and windows antivirus disabling functions. Features: Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender, UAC/user account control, Defender Notifications...