225735 matches found
Malicious code in @antv/f6-ui (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-lite (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-box2d (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-css-select (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-device-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-plugin-image-loader (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g6-alipay (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g6-pc (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g6 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/gpt-vis-ssr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/graphin (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/l7-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/layout-wasm (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/my-f2-pc (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/t8 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/thumbnails (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/torch (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/webgpu-graph (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/word-scale-chart (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/x6-plugin-export (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @lint-md/core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in jest-date-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in lint-md-cli (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in xmorse (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/vis-predict-engine (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in zentra-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e01d6a4a54894203355e9b44bb2489f91006985ffc2ea5d5650b172653cd76c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pyenvprep (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 963727b60e7fa8536050eb0f4691dc8bec6089567630063305d05ddceb4834cd Package contains code to silently execute a RAT-like agent, allowing the attacker to access the file system and execute arbitrary code. --- Category: MALICIOUS...
Malicious code in safe-env-reader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad60c5cf4596544e0850900c3340d21c5fec76024a063c057b8b935b02366d4d The package safe-env-reader was found to contain malicious code. Source: ghsa-malware 8fc3e1ef0bee11b2c0e5cb99d3c821492232db6c715fd90cde09c74aa86b926...
Malicious code in validate-api-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73c2249a9b57bfab0277840b52fc1774c096dd7c3022b9bd0d0ae5cfeda0b14c The package validate-api-key was found to contain malicious code. Source: ghsa-malware db221657101473a5da0e59194e2ba30d99b576faae8b3e7ff21c5d68b83ff1...
Malicious code in netping (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ecc862a2bc12e6779034a99abd68c5d4ffb047f1fc2ae94407dd9e4ad54df5cf The package silently downloads and installs an autostart script that then monitors clipboards and replaces copied cryptowallet adresses. --- Category: MALICIOU...
Malicious code in atlassian-jenkins-helper-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 526951af835c5c23fe1c8c7b4d5180e324baeae2de710b4a3d862c2e372da4af The package atlassian-jenkins-helper-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in babel-6-compatibility-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77f7edebabddc5ea0e09c0b1df9b7277a2645a506618cad4e4ee0340db67efe The package babel-6-compatibility-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in jatinangor-teleport-testing-zer0id (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3a001b297d2dfcc37259733ff95ded758a3a89d63331422f239359c60edd2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in chai-as-regulated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f7f8d21f5d33db136b1e10fc7fbb6d2a1540240911b0630e7fc9f8724c7b26 Package is published as chai-as-regulated, a name mimicking the widely-used chai-as-promised Chai plugin, and the README instructs users to register ...
Malicious code in prettier-lint-lenz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f7035dda69170600724a31f4b3543e02ac23c9153f3a62c35f2ee5264eef44 Package impersonates the popular prettier formatter — README and description are copied verbatim from the real Prettier project, but the package ship...
Malicious code in dotenvv-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...
Malicious code in knot-date-utils-rb (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in katal-platform-versions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8dc8f21e750df73dfe46bbeba3bcfac8e88308adddf33680ce9751e7a1fec4af The OpenSSF Package Analysis project identified 'katal-platform-versions' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
Malicious code in crazehub (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/init.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system"pip install phonenumbers" and...
Malicious code in mymaldependency (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...
Malicious code in @draftlab/auth-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @mesadev/saguaro (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @uipath/apollo-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @beproduct/nestjs-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eead7b1c6446924fec345e042b8bd966ea184deae755f876326cf99040f5f107 The package @beproduct/nestjs-auth was found to contain malicious code. Source: ghsa-malware...
Malicious code in @tanstack/router-ssr-query-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 388949e6add086eda74454a083d7f720fe77716c9c3f18746ba90206a5ebbab5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mistralai/mistralai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23235945a2d68899f5fe2e6eafaefa0a98f2120697d41a40d26615e41aceb916 The package @mistralai/mistralai was found to contain malicious code. Source: ghsa-malware...
Malicious code in web3-py-checksum (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in @gaia-codesearch/gaia-api-python (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bffb43bbb30e1d5c01c4c389983726a49a5489ddebcfef91353d03f7a767d01f The package @gaia-codesearch/gaia-api-python was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in justinleaguekems (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in yeahmankema (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...