Malicious code in @cloudplatform-single-spa/paas-redis (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious Package

Overview s3transfere is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in init.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...