2 matches found
MAL-2026-10074 Malicious code in testis-pack (npm)
The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...
MAL-2026-10075 Malicious code in testudo-pack (npm)
The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...