Lucene search

225888 matches found

OSSF Malicious Packages
• added 2026/03/16 12:0 a.m. • 8 views

Malicious code in minify-mangle-names (npm)

The package 'minify-mangle-names' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3

OSSF Malicious Packages
• added 2026/03/16 12:0 a.m. • 8 views

Malicious code in typescript-validation-schema (npm)

The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3

OSSF Malicious Packages
• added 2026/03/16 12:0 a.m. • 8 views

Malicious code in todo-plz (npm)

The package 'todo-plz' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

AI score: 5.5
Exploits: 0, References: 3

OSSF Malicious Packages
• added 2026/03/16 12:0 a.m. • 8 views

Malicious code in styled-components-a11y (npm)

The package 'styled-components-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3

OSSF Malicious Packages
• added 2026/03/16 12:0 a.m. • 8 views

Malicious code in developit (npm)

The package 'developit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

AI score: 5.5
Exploits: 0, References: 3

OSSF Malicious Packages
• added 2026/03/13 2:20 p.m. • 8 views

Malicious code in tailwind-mainanimation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/13 10:37 a.m. • 8 views

Malicious code in pulsard-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/13 6:51 a.m. • 8 views

Malicious code in tailwindcss-animation-advanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ce5cca16e60f9958f552f1a26e24d39638ac246580074b3125b8867e9769f3b The package tailwindcss-animation-advanced was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/13 6:48 a.m. • 8 views

Malicious code in @depro-tech/cortana-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab02cdce682fe76e6709fc00a3df615b366f38ed30270f635ddca7b122275fc The package @depro-tech/cortana-md was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/10 1:4 a.m. • 8 views

Malicious code in iron-fit-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d3440b6e1d8f6bfca21cf53c207a766d966cc2ba5033d8557c044c91a8b950 The package iron-fit-behavior was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/09 4:1 p.m. • 8 views

Malicious code in odds-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd711f9267e0e1bd3dc42ff98c117a939f5ffa947f11c5fd3d9aea4bc8a47c1 The package odds-analyzer was found to contain malicious code. Source: ghsa-malware 90239f2eeaa13b5a4c00596bcd6f549ab3948f0b1421e246ce67a7bfa30248d6...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/09 10:9 a.m. • 8 views

Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/06 11:22 p.m. • 8 views

Malicious code in prateek-yadav23 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e73aa57c13235ec4d3bcf7aa6139bb5a1bdbade9d72ae81a20c291766b9ac7ab Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

AI score: 5.9
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/06 3:20 p.m. • 8 views

Malicious code in @wgu-edu/wgu-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26d12da6d55658bcd129c71b6cd484c74498f993ec35f2219f69b6b8018ccee The package @wgu-edu/wgu-icons was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/06 3:20 p.m. • 8 views

Malicious code in @wgu-edu/wgu-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1492a1bd49042802301333ea517f4b8406c91e845c6189c43be215cb9832edf The package @wgu-edu/wgu-core was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/06 2:26 p.m. • 8 views

Malicious code in test-mal-npm-pkg-not-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803f42bec3cf0ba231262e882d9fb5def7e78c005b10e0c32edf60aecad5d9bf The package test-mal-npm-pkg-not-local was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/06 1:2 p.m. • 8 views

Malicious code in python-module-installer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61bfa181c5afb9e33e0d529138c813fc05d8130062182d9d1a5cb4ef9c8da0ea The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

AI score: 5.8
Exploits: 0, References: 5

OSSF Malicious Packages
• added 2026/03/06 7:28 a.m. • 8 views

Malicious code in webmd-url (npm)

Package exfiltrates data via pre/postinstall scripts, and has a suspicious main entrypoint targeting MongoDB configurations. Package extracts data like username, hostname and current working directory and sends it to malicious domain http://4v6heh2m.requestrepo.com/depconf/webmd-url/ --- -= Per...

AI score: 5.8
Exploits: 0, References: 2

OSSF Malicious Packages
• added 2026/03/05 3:55 p.m. • 8 views

Malicious code in pear-apps-utils-qr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8bf18757dd3797d845e6746f010e38421985192e8623264615f68c13b4ec0a1 The package pear-apps-utils-qr was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/05 3:32 p.m. • 8 views

Malicious code in pearpass-utils-password-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e49c29e613eb5defffe0f8db190791cd1e27be699c5aa6343ad0d60814b2e756 The package pearpass-utils-password-check was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/05 9:50 a.m. • 8 views

Malicious code in nf-referral-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffb611867bc3ba4676e51a8f14605087e805e92819becb23a5be2629a5418317 The package nf-referral-backend was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/04 2:16 p.m. • 8 views

Malicious code in pearpass-lib-vault-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ea7f0d3f5aeb68d46d1b2937e4f8ae385bbf4259cc518a7a27c72cc0068610f The package pearpass-lib-vault-core was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 12:46 p.m. • 8 views

Malicious code in chai-as-confirmed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2168a933bb356d4df8f0bdf1f0bbdcf7f8adc5622ed08ca11646b762c1ffd313 The package chai-as-confirmed was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 6:45 a.m. • 8 views

Malicious code in polygon-bitquery-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d6daf4d1c0048da15a68fd80e8793122e363078d90c68f3d596760c5ca0156 The package polygon-bitquery-api was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 6:39 a.m. • 8 views

Malicious code in consolelofy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9026237dcb17ce59b31ce42b7af60ddbe094cb955735a5dc1833275d5f01c7a The package consolelofy was found to contain malicious code. Source: ghsa-malware a251667effca1d80bd932709965abc6f6c61172812756404c3b8b2d7b340e23f An...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 6:32 a.m. • 8 views

Malicious code in fps-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfcfad29caf018b810db804d52bcc51a3c7a58d192a3b0786578cb7d6fdc59a7 The package fps-logger was found to contain malicious code. Source: ghsa-malware 8103cf4a79c0e573f235decb21067a2c997a8a7a342f6e24419f1cbb4ee4721f Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 4:9 a.m. • 8 views

Malicious code in token-discord-encryptation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c8f046fd4903192eb3de371ca4df10734635758b721d7cf2827f9df6f84f0d The package token-discord-encryptation was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 4:8 a.m. • 8 views

Malicious code in solongnerds (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4924a4f78f84d4b49d96f2ced7769ac484017ae28bb6fe63f94e937b199222f The package solongnerds was found to contain malicious code. Source: ghsa-malware 5ef9463bd7feaee40d35efb13e75f19b54fd802eeb788cddc3cbbd1ba90b2ba4 An...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 4:8 a.m. • 8 views

Malicious code in danzxoffc74-libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a41216321e9b425e7d33eef60ae4d705b659dad737e18b8a84bee404d031e4 The package danzxoffc74-libsignal was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/03 4:2 a.m. • 8 views

Malicious code in hackpreinstall (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a33e3f8d27139e08c22f475145ed3748570d6aadbd5f194bb0cce5be5a93fbf5 The package hackpreinstall was found to contain malicious code. Source: ghsa-malware 75af598258a7a91741c032e5d4ae8deafd1d54d392cbc950c3e0b3da69936c7e...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 6:49 p.m. • 8 views

Malicious code in amigapythonupdater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46cf32631436ddacf36a4984b254c10554b4e94c6099c5012a96ec3a7c5426a1 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

AI score: 6.2
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 3:45 p.m. • 8 views

Malicious code in @yaoii-bails/yaoii-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ed396f1228bb5c4f785eb68f0563d53d27b54cffad2128d602febec05f02231 The package @yaoii-bails/yaoii-baileys was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 2:29 a.m. • 8 views

Malicious code in argonist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2aecefee8a1b9d2c70f2c881352080e02186d102f05f82b1c9942a80e899946 The package argonist was found to contain malicious code. Source: ghsa-malware e3e27b60d79e256cf34ebd7b3f37d626812ed621fff44c3b60b08b3144c0f2db Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 2:29 a.m. • 8 views

Malicious code in typoriem (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e473ba3785bff62ce2994c6f09309570eea69282acc5438f015d85ca0e61cf5c The package typoriem was found to contain malicious code. Source: ghsa-malware 4dfd9fb9cb096af0fd4d1db216d08d1ae5592ef63c0c97c66a491b00ebdde43e Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 2:25 a.m. • 8 views

Malicious code in sequelization (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 456b2b9d323b090f464c9192617e5837b462aaaf654d9da5aca02dd9deadd516 The package sequelization was found to contain malicious code. Source: ghsa-malware 98293858bc27dde3605f9e7765b31d966632968ae9c66036f2bce73a8dfe7ddb...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 2:24 a.m. • 8 views

Malicious code in daytonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64164959c731481a5fc4117f26a4e9716c24483ac92839fc7945131c96232801 The package daytonjs was found to contain malicious code. Source: ghsa-malware 2961273f0dc9c6f1bc13bb7c4e47797f2eae23dc3dfcafbf3f58984225127c16 Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/02 2:22 a.m. • 8 views

Malicious code in bee-quarl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90e7b3eadcb23e766223167d16f561fd64fe44ec63f6e77afefe38966da2fec The package bee-quarl was found to contain malicious code. Source: ghsa-malware 642b83461b49019b47d27820b1dbaed267f2365eecf5fc74467d02192ec662aa Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/01 10:0 a.m. • 8 views

Malicious code in botbooster (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ac97422a8ea78df8c5538d0dbada7aad5720510773f1855cf5e4b5a9cbc56cb When using the provided function, code exfiltrates the sensitive token from local settings.json to the hardcoded location. --- Category: MALICIOUS - The campai...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/03/01 6:45 a.m. • 8 views

Malicious code in dc-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...

AI score: 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/28 8:25 p.m. • 8 views

Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/28 4:48 p.m. • 8 views

Malicious code in randomstringgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9fc95ea566ad1938f7f75123eee2d8b3365bf55f06d7aa8a5f569f5e4c696132 Using the provided function results in exfiltrating the current running file (likely the user's script) to the hardcoded location. --- Category: MALICIOUS - The...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/28 12:53 p.m. • 8 views

Malicious code in bps-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f41e4d6abfba5f03e914140b0b171314ef8a614e3e03ff9685325532260a745 The package bps-design-system was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0

OSSF Malicious Packages
• added 2026/02/27 9:33 p.m. • 8 views

Malicious code in cdf-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b42b01e54e7410b51742faa0cb35fe74a73333f619cd8634b5491d3b32418732 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6.1
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/27 1:50 p.m. • 8 views

Malicious code in cicd-ppe-redteam-test02 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 14adb6733ca8f958770b9766a7f255fbd8562886dce3b42cee772eac50e52d0f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6.1
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/27 1:42 p.m. • 8 views

Malicious code in cicd-ppe-redteam-test01 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6.1
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/25 4:29 p.m. • 8 views

Malicious code in react-svg-helper-fast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39fb02f7b438a7ec942c0fa38a79d9d1c8014a7747696a55445376fce8f8d721 The package react-svg-helper-fast was found to contain malicious code. Source: ghsa-malware...

AI score: 5.9
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/25 4:20 a.m. • 8 views

Malicious code in get-fonts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d55d952f3fb507a89362a1535e7cf7d781b6f26e82c7130ca008af612bfddf4 The package get-fonts was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0

OSSF Malicious Packages
• added 2026/02/24 4:56 p.m. • 8 views

Malicious code in @coinmetro/app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8710d0b7801eb38be3efb787ab05f7dde1bf3d8e16e645c2b587fc6af19a60b1 The package @coinmetro/app was found to contain malicious code. Source: ghsa-malware 298d5aea9a95bac11ef6a844456d1e9144166fa3eb0885775e41a79b1c8319b6...

AI score: 5.9
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/24 3:18 p.m. • 8 views

Malicious code in do-not-install-this-package-003 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b7a8f2037bd4c28a5474af17179da0c12e37019623f5efa4d081d60758d4ac9 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
• added 2026/02/24 2:49 p.m. • 8 views

Malicious code in json-mapping-srcs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1a4791659c68903f36ecfbf9da2e8af6dacdb98a4a525d5f104d43b07260cca The package json-mapping-srcs was found to contain malicious code. Source: ghsa-malware...

AI score: 5.9
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000