226596 matches found
Malicious code in iceberg-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
Malicious code in ms-graph-types (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
Malicious code in @a91082900/test_package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...
Malicious code in kaggle-runner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...
Malicious code in justenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b391e2932f5ed4a24b376c4c9ac84c98b88764799b6ddccdc68e19964346228 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 0xegg2024 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317 Tea.yaml token farming campaign...
Malicious code in pirxcypackage (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...
Malicious code in @2oolkit/hyperliquid-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an...
Malicious code in enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf The distribution is published as enhancer but installs modules under the top-level safety namespace setup.py declares namespacepackages='safety' and...
Malicious code in @chahuadev/junk-sweeper-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...
Malicious code in 11j (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ad371791d84a3c28ca12b62bae45a07567847b7df025c93611f8f504a1c869 the analysis identified unambiguous malicious behavior in log.js the package main: an IIFE executes on require/import that monkey-patches...
Malicious code in housecallpro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e95d04cb7977b9da45686f61f19767b33fb3e4fd1af5081b1a27acfd9ee9337 The OpenSSF Package Analysis project identified 'housecallpro' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in @mesadev/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in guardrails-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in ml-toolkit-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftlab/auth-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @uipath/apollo-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tallyui/theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34578fa5c77db2b21dd15d3357fc2b7c4d36a2ce4d1d44f86daa5c04561d662c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in git-branch-selector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab170d586455af0816362e715de0907ddaa19adb87c68ef59255139322dde69 The package git-branch-selector was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/navaid-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 966263f7b58fca4470e282294f432c7c78d25b154b3c6daf6580d2b426a5e004 The package @squawk/navaid-data was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/airports (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fabaad6adcf6ba78ba71fb750d70c8e3f3a1e524a75a6b8bf8ddc7769ac5b0 The package @squawk/airports was found to contain malicious code. Source: ghsa-malware f8adf8853b03c99d84b919062f8c688b4bfb42f72cc9de33299fe3e3f9a2b9...
Malicious code in @tanstack/router-vite-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59c369975f931e9f8a4ca499e887c2ec41f7d1dbfcdcb83fa9e6ec9717ea4910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/router-ssr-query-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 388949e6add086eda74454a083d7f720fe77716c9c3f18746ba90206a5ebbab5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cross-stitch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfe06155444d60d3774a256051b31f6a4814f484f33830cbe61eec7ebe611be6 The package cross-stitch was found to contain malicious code. Source: ghsa-malware 7c23bb77e762be76915e8202d11074aaa122efe0a8a32e403fa00ee8563c9bbe A...
Malicious code in @tanstack/start-storage-context (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...
Malicious code in briantreehttp (npm)
briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...
Malicious code in ggfmttygl-new (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2098233a75602dd1779f720f566420f4a88ec77694b206e7858323b5aeea38d5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...
Malicious code in crypto-kit-pro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b3c7b3526469db1bb04a5875cfcb3a1e41fe3f9c697b6d63e497a15d1177cb1b The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in @google-pay-trust/start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16feef8620dbb1f3b6c7c6c67f9f7883438f368a3bfd2c2c591d7f30467e67c4 The package @google-pay-trust/start was found to contain malicious code. Source: ghsa-malware...
Malicious code in win-update-helper-tool-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 251972769752a77d15c86627fe078560c49ce79a47bcc4542128386eb5362342 If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...
Malicious code in oracle-lag-sniper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 052e2309a320b056b5a959c33b703d819b1fa2ce9b2647d250bc612d25bae9c9 When using the package, it exfiltrates sensitive environmental variables targeting Polymarket keys to the target controlled via a Polymarket's user profile. Th...
Malicious code in @business_promocode/cancel_promocode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 002798d60b98859a68bc9daf0ebaf7794b8d83973b69fb4c8bfe9979f685e51d The package @businesspromocode/cancelpromocode was found to contain malicious code. Source: ghsa-malware...
Malicious code in @clearpool/comms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f79c0a598ffe54e6eba22b90afd0c9bbb902c3086178c2ea2a9227e002e399d The package @clearpool/comms was found to contain malicious code. Source: ghsa-malware aac3d8fce06f495311a581ee9a8f6acf42b7ea35162b9a3387ad6040adfef4...
Malicious code in promptflow-runtime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b42466489944454bbab304af3aa9869e3f0483cafc76b4da896f6512bb4c627 During import, package collects basic information about the system, performs deep fingerprinting, and reports the data to the remote target. The package...
Malicious code in @openwebconcept/theme-owc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...
Malicious code in pgserve (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48b943e993f7a62fe43ad9c5412ad1750fd3d5a8cd5214988b16caf78f4a06d The package pgserve was found to contain malicious code. Source: ghsa-malware 3eb07d42183ec3a63a62edc4353d8dbaa85afd8c1830fa5b6ef2617fb5a2b3e0 Any...
Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
Malicious code in emergentintegrations (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fce023cdc4fa1509dbc8512d9b3728d4f5944941a522f63b94ef27b764ee4fbd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in trackora-node (npm)
trackora-node is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in ih-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29e7f19afb6ffd57012c61c6bef2ce8ad4238f192cac0679e216684a37ec672e The package ih-icon was found to contain malicious code. Source: ghsa-malware c7182707ae8272b3af4376c3dfec66a3b574b8c86217bf3b7c705d94dfb84b63 Any...
Malicious code in @velora-dex/sdk (npm)
Malicious npm package executing base64-decoded shell command to download and run stage-2 payload from C2 server 89.36.224.5 targeting macOS --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311 The packa...
Malicious code in @pypestream/floating-ui-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c054f1bdbe451e796bb0623296f4240c654e72b4ef794089dad3428bfed98fd2 The package @pypestream/floating-ui-dom was found to contain malicious code. Source: ghsa-malware...
Malicious code in ui-core_mal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c66ea54316ebd799590186156adab4ff03ad3108487b4c5c48192924efcd60a The package ui-coremal was found to contain malicious code...
Malicious code in tss12111 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5555634991a4c64a764e555ae6b0c69b17ebdedc0c581f558eff46d2fef417d1 The package tss12111 was found to contain malicious code...
Malicious code in technical-assignment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bb4466031b35e68c6b2433674215383e95538391f583e01c1800c758a61c53b The package technical-assignment was found to contain malicious code...
Malicious code in signalk-poc-bug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf69e2f2bf99c9fcd93e12139a947e034130e9f90b30def5cf03d008c3f40330 The package signalk-poc-bug was found to contain malicious code...
Malicious code in shopify-ping-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898 The package shopify-ping-web was found to contain malicious code...
Malicious code in proleis-web-gallery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9085cc1fa561c63217713c781ed745f8e6d4c34e5997413299b06aa2d6047dc1 The package proleis-web-gallery was found to contain malicious code...
Malicious code in proleis-web-animations (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a5f037c0757513f368436996c6152eb542df054a16bd774b37d6c8970f84c The package proleis-web-animations was found to contain malicious code...
Malicious code in solnetwallet.net.core (NuGet)
--- -= Per source details. Do not edit below this line.=-...