18 matches found
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...
Malicious code in logger-draft (npm)
Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan RAT campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a...
Malicious code in polymarket-trading-cli (npm)
A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...
Malicious code in txwrap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72b4db77d156fffbfdf3253cda39d73180fda419676d356fdbc217130c289549 During importing, the remote code is downloaded. It then exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new...
Malicious code in typelimagic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fcef0c386cca43024460aa4a1b47a99109e4ba02159a8fbe426c12f9884a83e Clone of a legitimate library. The added code scans system for sensitive files, with the focus on crypto currency wallets, and exfiltrate them. Previous versio...
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan RAT, which deploys an information-stealing Google Chrome extension masquerading as an offline version of...
Malicious code in codejoy.codejoy-vscode-extension (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6039e624de3c28cc21aa1c268dc71e67352c90ec642f4efc51fc47de34f9d47b This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
Malicious code in CodeInKlingon.git-worktree-menu (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 68ef1fadb311fcf38b0a3d9f7e7845c12f201bfdab9556387e9a8b052cec8ee5 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
Malicious code in jeronimoekerdt.color-picker-universal (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1b0ef4a151e758eadda67d487723883b42f68292fd4dc8019068838e08faa8 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
Malicious code in grrrck.positron-plus-1-e (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 820ed4b566cf0f19a7737abc11d761b56b64960adae0b4a7e53d3e95a31cf59a This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
Malicious code in TretinV3.forts-api-extention (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a765300393215437d2a27fb270964dc0a9d7d521b48fa9a541af8445f4f67be9 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
MAL-2025-191159 Malicious code in codejoy.codejoy-vscode-extension (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6039e624de3c28cc21aa1c268dc71e67352c90ec642f4efc51fc47de34f9d47b This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
Malicious code in kleinesfilmroellchen.serenity-dsl-syntaxhighlight (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 4cd24ae9caaea029653d9b9516f034a9ff19684891421dd3558c584f02076c8f This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
EUVD-2019-0794
Malware in sbrugna...
Malicious code in fernets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95fc75ed8a4cfcccc988b2241772effbc15eb3700a6a96f3183981a1b4c7fba7 If imported, the module starts a multi-stage infostealer, exfiltrating browser data as well as crypto wallets, and also attempts to monitor clipboard looking f...
Malicious code in arcus-cmd-utils (npm)
This package executes a base64-encoded script to download an Electron-based infostealer binary, aimed at exfiltrating cryptocurrency wallets, credentials, and other sensitive data. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
Malicious Package in ecuvre
All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...
GHSA-PC7Q-C837-3WJQ Malicious Package in wallet-address-validtaor
All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...