11 matches found
MAL-2026-4197 Malicious code in pretty-logger-utils (npm)
pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...
Malicious code in ts-logger-pack (npm)
ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...
MAL-2026-4199 Malicious code in ts-logger-pack (npm)
ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...
MAL-2026-4198 Malicious code in terminal-logger-utils (npm)
terminal-logger-utils is a malicious npm package that, when installed, executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...
MAL-2025-192579 Malicious code in smtblib (PyPI)
Source: kam193 15a295f1d98fcbbdd6a077bc3a849966ca3f73919c0d47e58948ff382481e5b6 Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...
Malicious code in pytzv (PyPI)
Source: kam193 bc7b0a2cddf6ee0cc4d688f4136758e0d7aaa99707aa5dd82505d84631d77720 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
Malicious code in qtpv (PyPI)
Source: kam193 2e0cfa610f53699fb3d04d6296bf28540a6162be41a7268566e999b070b517a6 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
CVE-2024-2559
creationtimestamp | type | source
---|---|---
2024-03-17 11:21:58+00:00 | seen | https://t.me/ctinow/209869
2024-03-17 11:26:08+00:00 | seen | https://t.me/ctinow/209870...
CVE-2024-24705
creationtimestamp | type | source
---|---|---
2024-02-28 16:46:39+00:00 | seen | https://t.me/ctinow/195644
2024-02-28 16:46:43+00:00 | seen | https://t.me/ctinow/195648
2024-03-15 01:07:08+00:00 | seen | https://t.me/ctinow/208320...
Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware
Introduction: As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this...
CVE-2020-29589
creationtimestamp | type | source
---|---|---
2020-12-11 18:37:43+00:00 | seen | https://t.me/cibsecurity/20264
2020-12-11 19:25:30+00:00 | seen | https://t.me/cibsecurity/20284
2020-12-11 19:34:38+00:00 | seen | https://t.me/cibsecurity/20303
2020-12-11 20:24:31+00:00 | seen | https://t.me/cibsecurity/203...