
225825 matches found

OSSF Malicious Packages
•added 2026/02/08 7:47 a.m.•9 views

Malicious code in ccxt-bullish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0729d9c3ad3f349ec626a97b7a265b1fd84f556bb1758af54adbc87bd29969f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 5.6
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/06 2:7 a.m.•9 views

Malicious code in ac-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71f97348d3034afc8a89167b165172d331574fdeffd79f9392a282ff5732635f The package ac-array was found to contain malicious code...

AI score: 5.3
Exploits: 0
OSSF Malicious Packages
•added 2026/02/06 1:15 a.m.•9 views

Malicious code in adminbypasser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 867991d0e6c74f15c2f231c002867172a4e03044a328676cf9b2ec07a7e48f68 Package silently downloads remote code and adds its execution to the autostart. During analysis, the remote domain no longer existed. --- Category: MALICIOUS -...

AI score: 6
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/04 11:44 p.m.•9 views

Malicious code in web3-chain-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8092971594fb2e6c9a5748ec492ca88c9a8cc396917b314f09e5c3c85e0d130 The package web3-chain-sync was found to contain malicious code. Source: ghsa-malware a73489541e1d91e9e98d8ee52b10cc423ddd5b990bee23731cfa78e9bce3be0...

AI score: 5.4
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/03 7:49 a.m.•9 views

Malicious code in tableapys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aff2faef3705b6233a6df3d6b39f4f9b88ff522aa7c343cd8d36eb1a40405d6 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score: 5.8
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/02/02 8:27 a.m.•9 views

Malicious code in libsignal-yazxzpedia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae9ba3f94d59737d6d94cdf9e7fc825a792d62a213daba9d5b778e56ac35d459 The package libsignal-yazxzpedia was found to contain malicious code. Source: ghsa-malware...

AI score: 5.4
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/02 8:27 a.m.•9 views

Malicious code in yazxzpedia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f94694d3882914e6f75cc35db5533b7d7c4d9caebb2631033de332d3c49e562 The package yazxzpedia was found to contain malicious code. Source: ghsa-malware e97d515edc36ba99b0d5fa4cc5cd35798ff96229f05a9f93ba6dbef0631f1ac0 Any...

AI score: 5.4
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/01 7:14 p.m.•9 views

Malicious code in base-local-planner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0cb640a181ee8e6c31d4f0f87e8768b7a67b70174dd65794e8d980909eac8a3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/30 11:26 p.m.•9 views

Malicious code in fastpi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2928970260fda87aaa57272b8042ae1a9661ad1a1bdeec1e73903e84ce3354cd Malicious copy of the legitimate FastAPI. The modification loads code encrypted in one of the attached files. The final, highly obfuscated code is most likely...

AI score: 6
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/30 3:31 p.m.•9 views

Malicious code in euskalplantxa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa75d57475518e4ef5865992ffdf7b0137f3af90a6672bb44113312d6598fe5f The package euskalplantxa was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0
OSSF Malicious Packages
•added 2026/01/29 1:25 p.m.•9 views

Malicious code in mcp-pdftool-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e92dea8be02288f271dacad2cd77f1bdd54596da1691cb738c4a7b7b4f77d21 When using the library, the hidden code starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign...

AI score: 6.1
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/28 1:59 p.m.•9 views

Malicious code in @pukpuk1/somsodamsd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1fe2dc16d3713a1dcc39d8fe68cd5a522648569a02d75fedfc83534792701b2 The package @pukpuk1/somsodamsd was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/28 1:59 p.m.•9 views

Malicious code in skndkjasndkjan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1db684638c7c4cc14bc030fa38952c5a81da5ae4fbfc4d8a7279f52096db4299 The package skndkjasndkjan was found to contain malicious code. Source: ghsa-malware b3faa645d3b9d269340718ff8ee7b86fa018985ce3748a7619a156fbec8fce44...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/28 7:58 a.m.•9 views

Malicious code in lyatly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa157e65bb67cd3f088cc4f38956e3f1b9cd202f73a212f4a92a87528eecf054 The package lyatly-utils was found to contain malicious code. Source: ghsa-malware 204e1babf8aef5194fc7046392fad75412787d49c6468fe0a18394f9bdc4e416 A...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/28 7:43 a.m.•9 views

Malicious code in equimper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174afe3f7c17abcec63d8bfa72500c726f7e7cc7a5b9f726c387f5e9c5399287 The package equimper was found to contain malicious code. Source: ghsa-malware 239809818f810ae94c81e006270640279952fcd3123a3e4da631e6810f4ed4de Any...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/27 8:11 a.m.•9 views

Malicious code in mysql2.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf03a68f80a8549d53b74c88dcddc103e1ba4941db706b05958b5a8afd7912b9 The package mysql2.js was found to contain malicious code. Source: ghsa-malware a62950456c9e80360128c446e77395618e0567734ef79c8d93f73aa0c1c45115 Any...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/27 8:9 a.m.•9 views

Malicious code in testxhjhk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69bfad0315831fa5a60d77a9ea4bf705da5a42766326b6c7663fe3c56246eaf5 The package testxhjhk was found to contain malicious code. Source: ghsa-malware 6fec9c997770e337f9bb2f7aed6675ddc3c68769e5a3e134d5fb84e0e43944bf Any...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/27 2:44 a.m.•9 views

Malicious code in ftm-noderpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48bffc97a9e30f15aaeea633df39ff0ab500a8f4aeee9757390e0d0e2393e9d9 The package ftm-noderpc was found to contain malicious code. Source: ghsa-malware b2c3dc311c3d101881ee473edd9232f94c95686770a45f681038070507407fc2 An...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/26 3:31 p.m.•9 views

Malicious code in tripica-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2094e4c510f7d9f01acaf3dcdb4e2fda46afbe56f235d8168d81bcb984e52fc3 The package tripica-library was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0
OSSF Malicious Packages
•added 2026/01/23 6:12 p.m.•9 views

Malicious code in eits (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eec23b0de809cd836bbc3b47232454674773608dd4429cb3ecd6a45fb5d9c2ee The package eits was found to contain malicious code. Source: ghsa-malware c01b198ab80fdc36e1397f6938db086271de12c3a19de4744858614f97742a6a Any...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/23 5:23 p.m.•9 views

Malicious code in oxnoxon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07667b579e49b5aa7dcc235c9e846cb1ea838af728878c44548d30a94b136dd3 The package oxnoxon was found to contain malicious code. Source: ghsa-malware dfafb8b040b2477ed33376b3c89b6854913025495027f4d32d6d8cd675ee84ec Any...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/23 1:13 a.m.•9 views

Malicious code in @transaction-list/transaction-list-lg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e58eb6c67a7a0d136bcfc1976caeb8271d491e519e75b15c87994e130147df99 The package @transaction-list/transaction-list-lg was found to contain malicious code...

AI score: 5.4
Exploits: 0
OSSF Malicious Packages
•added 2026/01/22 9:2 a.m.•9 views

Malicious code in csv-parsing-xz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbd0bb44a5de8aaaa9d2397fe8ff5fa7e9a7274bb5d6efe9ef6af97ba8747692 The package csv-parsing-xz was found to contain malicious code. Source: ghsa-malware 40d41fc1adde6793bd8a6626e41da04bcb68b4934a4760eeb34c278ed6165adf...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/22 8:18 a.m.•9 views

Malicious code in sympy-dev (PyPI)

Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/21 8:20 p.m.•9 views

Malicious code in code-transfering-4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f49b12f95d153280889b4da45b5de3017f21159ad06622092779705ad22e855c Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/16 12:10 a.m.•9 views

Malicious code in @spx-delivery/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b03f32e2859ef16f71897fc985589e436c704979df087b57bb61fedb63e89c51 The package @spx-delivery/react was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/16 12:10 a.m.•9 views

Malicious code in react-sitecore-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bcb38af52d8a28ad89a31c0415f1673eb2ca18ec76121703ded6334a6b7e6d2 The package react-sitecore-library was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/14 9:14 p.m.•9 views

Malicious code in legendevil1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3188a850ecb974606264f28634afaca67ec2f49c1c759cf590aa39ba19e50452 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

AI score: 7.2
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/01/13 2:21 p.m.•9 views

Malicious code in dify-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40038bb1837e98127f2e267d1932d1eeb641c93e855c50af9aa25002e28c76b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.5
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/13 4:13 a.m.•9 views

Malicious code in helium-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 643f63c743fd06fb24cb2d488e001ce0efab3f0d82014801ea2eebad96041692 The package helium-module was found to contain malicious code. Source: ghsa-malware d34558c0d1e56c0103ad087e485e142f3918050a1b0bdc15fc7e7b46c1a2ae1f...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/09 2:54 a.m.•9 views

Malicious code in mixpanel-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b11bdefc18a5b590716cefe2036f1f759ccb42fd3c22c420ac524a479ff9f01 The package mixpanel-lib was found to contain malicious code. Source: ghsa-malware 03fe07795e21df3debb6abf06b5b47f19ddd7996e5be6b06d8dd07fa37e7cd2f A...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/07 11:51 p.m.•9 views

Malicious code in spark-ar-jest-mocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67c582fb00bd7fd05adc5f9680fed203dd43086ab6efbcbec369bb386eaeb6f The package spark-ar-jest-mocks was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/07 11:51 p.m.•9 views

Malicious code in spark-ar-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1285c72e9b251b778e8914d717f3408a94460a9f9aca70a65945e4c510c5651f The package spark-ar-core-libs was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/06 6:47 p.m.•9 views

Malicious code in testingpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 577f9c1cdb7d3ef0e010cc9e292142a11f3a84a9f1ed42f238a920e7e9617b35 Package clones a legitimate library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious executable in...

AI score: 7.6
Exploits: 0, References: 4
OSSF Malicious Packages
•added 2026/01/06 1:29 p.m.•9 views

Malicious code in okta-signin-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1968f15d4faab74927023ad015e009d98087c120d8cb31b4a754faff297219b7 The package okta-signin-widget was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/05 5:33 p.m.•9 views

Malicious code in async-substrate-interface-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f97af1701ef4cd3f9c0a8bf1f8245a4291ac3b704b9149972b27a6dd9966428 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

AI score: 7.5
Exploits: 0, References: 4
OSSF Malicious Packages
•added 2026/01/05 5:29 p.m.•9 views

Malicious code in celium-collateral-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adea9a91926d593420b0d9d07dd66bc5656bb42bf3735074a3f33533800a79dc This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

AI score: 7.5
Exploits: 0, References: 4
OSSF Malicious Packages
•added 2026/01/05 12:56 a.m.•9 views

Malicious code in spire.officejs-document (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8d977ed41d3fbf548651b650de7a64445638d9290c37650ea4063a4cdb9dfab The package spire.officejs-document was found to contain malicious code. Source: ossf-package-analysis...

AI score: 6.9
Exploits: 0
OSSF Malicious Packages
•added 2026/01/04 8:20 a.m.•9 views

Malicious code in blobhunter-depconf-poc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6bbf9ae244466116ca709955328b8ae27867658e636ac521004edd501b38d4ef Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.3
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/03 4:5 p.m.•9 views

Malicious code in telstra (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6ff467569b104f23ebbdc6ef58dec14795aaf14548185bd3b31886ecd9b8003 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.5
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/01/02 9:29 p.m.•9 views

Malicious code in @nitaiapiiro/rand_emoji (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686999eb6a9720383d59bbca502497c33b67e49cd4f21b0fd3eba33d9be8aefe The package @nitaiapiiro/rand_emoji was found to contain malicious code...

AI score: 7
Exploits: 0
OSSF Malicious Packages
•added 2025/12/31 4:15 p.m.•9 views

Malicious code in @polystream/streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1e62a67308730d0ecc50d157d59a1b39a5786f27c611739f3b02642211d3cda The package @polystream/streaming was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2025/12/30 4:12 p.m.•9 views

Malicious code in react-devtools-extensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c07bb5eb2fa7f96705fece940955413b3976968c5a79e13bdd85ce00ec485e4 The package react-devtools-extensions was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2025/12/25 9:52 p.m.•9 views

Malicious code in bettermode-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cea8112bbccd7b047a03169d6591f7ab7f756044a4203b2435152fe708cad5d5 The package bettermode-icons was found to contain malicious code. Source: ossf-package-analysis...

AI score: 7.1
Exploits: 0
OSSF Malicious Packages
•added 2025/12/23 8:41 a.m.•9 views

Malicious code in verificator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
OSSF Malicious Packages
•added 2025/12/23 8:41 a.m.•9 views

Malicious code in u2f_client (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
OSSF Malicious Packages
•added 2025/12/23 8:41 a.m.•9 views

Malicious code in sq-samsa (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
OSSF Malicious Packages
•added 2025/12/23 8:41 a.m.•9 views

Malicious code in rails-structured-logging (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
OSSF Malicious Packages
•added 2025/12/23 8:41 a.m.•9 views

Malicious code in lanchain-openai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c312361541ed240dabd6df1f9cb9ed856a718dc8c8881f43bbacb429807e303 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.3
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2025/12/22 1:51 p.m.•9 views

Malicious code in utif-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24ed42240868e0b6b0eff870ffa0f42d95bca3659f922078257f1a71694da3f1 The package utif-updated was found to contain malicious code. Source: ghsa-malware 3d854467203e61d8d828eafa2a699ba639c90e4045f0e92f033fdade35096cac A...

AI score: 7
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000