
225866 matches found

OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 8 views

Malicious code in @pelmnaads/naads-common-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68990dfacdc750bf464d646aca4855c2dd23bbefcadef1d9638e2d663a23fc57 The package is published to the public npm registry under @pelmnaads/naads-common-logger with version 19999.0.1 — the canonical dependency-confusion...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 8 views

Malicious code in exxpress-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 378e423b00c08a371fbae1c77360685d2277e502e9875caa53fb20f58a39f396 The package name exxpress-tool is a one-character edit of the widely-used express package. On npm install, the declared scripts.postinstall runs...

AI score: 5.9
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 8 views

Malicious code in tsliverhome (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0855b4d02a0d276e8a6cf97b7c62d457b8ef4d851e243d758c2308d451e0876e Package name 'tsliverhome' impersonates the widely-used 'tslib' package (300M weekly downloads). The shipped README.md is a verbatim copy of...

AI score: 6.1
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 8 views

Malicious code in node-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444 On require('node-ci-utils'), index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...

AI score: 5.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 8 views

Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ccba152d6841731431c91157874c72b5f9778fdf88b634a45ab5d9da961307 On npm install -g, the package's scripts/post-install.js registers a privileged Windows service claw-subagent-service pointing at service/daemon.js,...

AI score: 6.2
Exploits: 0, References: 34

OSSF Malicious Packages
added 2026/05/14 7:25 p.m., 8 views

Malicious code in ethers-signing-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses child_process.exec to curl/wget an unpinned Python script from a personal user's...

AI score: 6.6
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/14 7:24 p.m., 8 views

Malicious code in npmjs_web3-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...

AI score: 5.5
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/14 7:24 p.m., 8 views

Malicious code in chalk-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0fe2974289b691a9f5541068f2e399aecb14a719779202ff5999652ffe351db On npm install, postinstall.js runs a credential and cryptocurrency stealer against the installer's machine. It reads /.npmrc extracting authToken an...

AI score: 5.8
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/05/14 7:24 p.m., 8 views

Malicious code in chalk-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6eab5e9e696250cc719b36e144f4534cac2b38a25521cda80222b6c66cd64c Package is named chalk-pack impersonating chalk with keywords and index.js impersonating lodash; index.js is a stub that self-describes as 'Just a...

AI score: 5.8
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/14 3:49 p.m., 8 views

Malicious code in deltaprime-primeloans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6dc7446f54374a89a45ea8f749647c8adc0aaf24720bd32ccfdb07e5b48042 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/14 3:49 p.m., 8 views

Malicious code in viem-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe6492eec3b776a8654ae561b2f6d53c1a02ab00186b7dc5c8c72fb613c4e901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/14 3:49 p.m., 8 views

Malicious code in solidity-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12e7b93d8eb164aafa0ae5488f7f7ceff21ceedac5f762e6c2618e85854df65e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 11:21 p.m., 8 views

Malicious code in npmjs_hardhat-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 687cf12a3e056374d2222b02393858ebeca4856448165be0426f8fb32d207974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 8:07 p.m., 8 views

Malicious code in graddio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf6bbc8eaafef42ed4e5740b1ff94df7749de4241d44846467b438db586399ba During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 8:05 p.m., 8 views

Malicious code in crypto-hash-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9807f28fe2b1260f19dfda8b33a6091967c5e18c41dc86365f06b6ad3ceb4eab During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 8:04 p.m., 8 views

Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 8:03 p.m., 8 views

Malicious code in alembic-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e9b764ee0ccd6a2c6c2db1b7722f083ee9f643cb99d03821d5e6571f68db253 During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 5:10 p.m., 8 views

Malicious code in hackling (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf12b321da2b42ce2302bdccbb35304c4f4a47c7a5e273076467b269982c480f The package automatically exfiltrates information about the system, including potentially sensitive data. --- Category: MALICIOUS - The campaign has clearly malicio...

AI score: 5.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 3:25 p.m., 8 views

Malicious code in pandas-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3e3d51b95102fd72f00c2b6c4bce7e34a801326dfbe7557f2d4346ed37508 The package installs persistent malware acting as a RAT, with a focus on stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 2:14 p.m., 8 views

Malicious code in load-bufferjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04d9f5ba202651d252a375411cf609db6f9a7ae83f164f6f2e66559a6dff5b92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 4:27 a.m., 8 views

Malicious code in @dropout-ai/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2121b923a39177ed68ce5cf066cbb07891b7cb5d20ecf5ec66f2c953634eff10 On require/import, src/index.js replaces global.fetch with a wrapper that intercepts every fetch whose URL matches openai.com, anthropic.com,...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 3:09 a.m., 8 views

Malicious code in knot-simple-formatter (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/13 3:09 a.m., 8 views

Malicious code in knot-rails-assets-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/12 11:39 a.m., 8 views

Malicious code in kaggle-runner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/12 7:44 a.m., 8 views

Malicious code in 6cc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094 index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...

AI score: 5.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/12 7:42 a.m., 8 views

Malicious code in @2oolkit/hyperliquid-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an...

AI score: 5.9
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/12 7:42 a.m., 8 views

Malicious code in @chahuadev/junk-sweeper-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/12 7:42 a.m., 8 views

Malicious code in 8oo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c949ba1ac1cd3a6c96d3f1fc8c32cdc64cb9474fa07dd6633ebf4f69073a495 The package's main entry index.js executes an IIFE at require time that loads 66o.js, which replaces the global console with a Proxy. Every intercept...

AI score: 5.9
Exploits: 0, References: 16

OSSF Malicious Packages
added 2026/05/12 7:41 a.m., 8 views

Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

AI score: 5.8
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/12 6:10 a.m., 8 views

Malicious code in housecallpro (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e95d04cb7977b9da45686f61f19767b33fb3e4fd1af5081b1a27acfd9ee9337 The OpenSSF Package Analysis project identified 'housecallpro' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

AI score: 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/05/12 5:49 a.m., 8 views

Malicious code in @tallyui/storage-sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dfe62118fbe292ca123fb157b6fe7d34d5613dcc334553c5cb767636b88ef2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 5:49 a.m., 8 views

Malicious code in ml-toolkit-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

AI score: 5.8
Exploits: 0, References: 5

OSSF Malicious Packages
added 2026/05/12 5:49 a.m., 8 views

Malicious code in @mesadev/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

AI score: 5.8
Exploits: 0, References: 5

OSSF Malicious Packages
added 2026/05/12 4:38 a.m., 8 views

Malicious code in @uipath/vss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 4:37 a.m., 8 views

Malicious code in @uipath/uipath-python-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 465b4e4f63672a795258fa84f389a2194ac5052990b98799381806b2cc286069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 4:33 a.m., 8 views

Malicious code in @uipath/rpa-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27baf6f8e722fd9803bff5f0d455ae5867fcf87135864df02a6f269cccf659fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 4:32 a.m., 8 views

Malicious code in @uipath/robot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bea1fa21506bd8c16e7bfe9374906720288e6a4cae68b5e28299322cadebf60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 3:29 a.m., 8 views

Malicious code in @uipath/codedagents-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7321b8eb18854f6e785ee2862e6f977f0e45ab2cfda39b5c05a3ca23a704a15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 2:11 a.m., 8 views

Malicious code in @tallyui/connector-shopify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d106ed4bb3649c216aa7b4a45dec994551171295f9a95aa27ed7e0561664e644 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 1:53 a.m., 8 views

Malicious code in @mistralai/mistralai-azure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af58e099ab615b8869cb741b5604f6becdf1e9d1d7c5ac326f9c4065f5f590f6 The package @mistralai/mistralai-azure was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 1:02 a.m., 8 views

Malicious code in @tallyui/connector-vendure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:26 a.m., 8 views

Malicious code in @squawk/navaid-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 966263f7b58fca4470e282294f432c7c78d25b154b3c6daf6580d2b426a5e004 The package @squawk/navaid-data was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:25 a.m., 8 views

Malicious code in @squawk/icao-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cdcc18fc8342a0ce7e7b2f3751bcb7d6e64c3fe660a9c5836f6d06aac4a4b45 The package @squawk/icao-registry was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:24 a.m., 8 views

Malicious code in @squawk/airports (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fabaad6adcf6ba78ba71fb750d70c8e3f3a1e524a75a6b8bf8ddc7769ac5b0 The package @squawk/airports was found to contain malicious code. Source: ghsa-malware f8adf8853b03c99d84b919062f8c688b4bfb42f72cc9de33299fe3e3f9a2b9...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:23 a.m., 8 views

Malicious code in @squawk/airways (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a54989a6191f1d94771608b8f3552bda56715631b5a25aa301da35cd1ccd869b The package @squawk/airways was found to contain malicious code. Source: ghsa-malware d2d4644fde6979be241ba839c52ea3532ef3b0b25355b239ade4e1dafd9e272...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:22 a.m., 8 views

Malicious code in @tanstack/router-vite-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59c369975f931e9f8a4ca499e887c2ec41f7d1dbfcdcb83fa9e6ec9717ea4910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:19 a.m., 8 views

Malicious code in @squawk/airport-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12035131eafd29a07572751653f857706ac1b113fcbd498a70f54d96d5276cc The package @squawk/airport-data was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/12 12:17 a.m., 8 views

Malicious code in cross-stitch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfe06155444d60d3774a256051b31f6a4814f484f33830cbe61eec7ebe611be6 The package cross-stitch was found to contain malicious code. Source: ghsa-malware 7c23bb77e762be76915e8202d11074aaa122efe0a8a32e403fa00ee8563c9bbe A...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/11 11:52 p.m., 8 views

Malicious code in @tanstack/react-start-rsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/05/11 11:38 p.m., 8 views

Malicious code in @tanstack/eslint-plugin-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b955b97c1476120c292ac6f7089a3d876161555205940838c49e6b09abe08e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 6

Total number of security vulnerabilities: 5000