Malicious code in compass-e2e-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27a245065291bd7252411254769a1764aab8e228c8ca161708734a3d47d3c9ec The package compass-e2e-tests was found to contain malicious code. Source: ghsa-malware...

Malicious code in mds-webcomponents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b33015300fa18b6b3d2c2f1c0af0e77cbd9fa96c7af7befbe61a5422165824e package.json declares preinstall: node index.js, which runs automatically on every npm install. index.js collects os.homedir, os.hostname,...

Malicious code in aliyun-python-sdk-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 29bd2455a576643c51939bd166abab847afd04c3142b576e3f9f0c7978763181 Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is...

Malicious code in alibabacloud-code-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5e4d81a71d0710ac3618ec41e8027ee6a96ae9845ca67b33b950c8d99d8d2e8a This package impersonates Alibaba Cloud account and contains highly obfuscated code. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in @qualys/react-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59 The package @qualys/react-web was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in clawdist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3008887b6c2929530cd48dc996c91d70eb92432465d02f4ff28e6d5927350097 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Malicious code in crc32fast (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b89c674974bf58c7388a27bf1c6ea954a890de45a3e9ba4830c1eada3a3ea6a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in cubaflixdownload (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e301875480dd0a0265eef6c8d1a5b65ef85f1e2051d0e5491dcb4767c5f7b578 During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...

Malicious code in magicwolf (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d4f256ccd65da42e297351fbc7c15d4f3b25789c362d0d3419d580c4e07bf34 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Malicious code in json-mapping-src (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc958aaacb5ea616283510ccda98b0a4634c35d348eece1613366ac66ad41abb The package json-mapping-src was found to contain malicious code. Source: ghsa-malware 8e7f8a61a6a361880bea88321b1f130627266e5f1d54e8aa9d9f47d64c99db...

Malicious code in codexworld (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adbcf3a15ca44fb393a6c8e40217d59fb72f228be073dda7d50c70236131d586 The package codexworld was found to contain malicious code. Source: ghsa-malware f062939a6f9a6652f3a2e08c3192935b45ce6fd84970a96e43007d424e25b573 Any...

Malicious code in ecosystem_ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4987a955f090814c8e125cdaca051b7d106fc4e853cc4e45bc253fbb444f8d94 The package ecosystemui was found to contain malicious code. Source: ghsa-malware 31a22a7e3ce76544adef6885be748f17910483d02a1f19395a520b918516ea63 An...

Malicious code in hxz-protection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13dc9932ef1f00aa6dc52dbc5bbb2a7b4096ff94d4dc575903837159d377ba18 The package hxz-protection was found to contain malicious code. Source: ghsa-malware bbf0a8985b32c32401ddf04b75ef930250aab926a54a6ae5dfce381386eb0876...

Malicious code in wropz-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48a8b0a5b3f12323a6bbc3014fa023b370236b8874253a47ed61930d4bbcee4d The package wropz-module was found to contain malicious code. Source: ghsa-malware fbe5a4f55692f6a9db6c052776dc2fcfd3825f7da077f3e45b67466cd4059bd0 A...

Malicious code in despicable-me (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80a6021ab3cbadc4a7b2c84dee85c1da3a01ecbab1b0a3b1e8aa1f6835a818ca The package despicable-me was found to contain malicious code. Source: ghsa-malware 8919618889f25d842da82fbc9462b9c95cfdcc8aaf393841f00b952d6f2e71f1...

Malicious code in magichat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b999f3f5762dc9bcb0dc2e91ef10116a368aca535d2f07fa2519e8d64bbc0902 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

Malicious code in displaydoc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4ab5c0ca76295a578d62119bf6932953098ec9ecd0bb7f21b397da85b08d5b8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in marshmellow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dbf6f50353e6489a831a2575831b93fd5f99a9cbd60cc30260fd13838beda73f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

Malicious code in express-gueues (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e3d2a703d47121d83fc4fd21e63f8757839d406f367dc4ddd52e28d8be2d72f The package express-gueues was found to contain malicious code. Source: ghsa-malware a3e7609fa317c76c61508c249616ae1c6b4d0ea5840b155a5d1196e5a5547934...

Malicious code in ntoctfutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f65404ba7442c7d16e3f569b7c84afc4d1df23f9497ac3a6101d5ec3c168956f Importing the module downloads and runs a remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in requests-auth-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 03bb4c04410c4e3c58d7292eb47f8f76a2fbe5265abea29826ac910e890350d0 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

Malicious code in gpu-discovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea1fffa4a4969c85232301df3c8d107642ac143fbf51600d166cfd2f8d536e10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in vllm-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fa0706d497278a502d158c89d51645a6f4e8187ca325aacaa59facccf542a03 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in notification-saved-search-settings-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2059b78866965dce7f68bf358485c0f98eeb6c9befcf4455115c5d8623013e7f The package notification-saved-search-settings-podlet was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in search-savedsearch-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 878a9c43dd8ff489c2771eb72e59389391267772d0e64b6dea94a657d0ca7b3a The package search-savedsearch-podlet was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in myads-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d196800be4de842ce4eb526181a86b7d78e5e3851954256a68d9cda3dab4a89 The package myads-layout was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @reimorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b715386d6331820f6ad234559c9b38d82c81bd4e0ff2ba695a8f509a4a0b9d81 The package @reimorg/config was found to contain malicious code. Source: ghsa-malware 01b3357726455a4a24aecc9b4255f7ea96cab434482b28a50e5d48f06e3cf1d...

Malicious code in express-configer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e492b9087ab21198777e586b9d21eade1fe2948bb67f1ab484c7274056861276 The package express-configer was found to contain malicious code. Source: ghsa-malware 8484436a0b43b94054c0fa7ceb955362a6557d9bef3019e2fae2e51e42ff1f...

Malicious code in sap-code-style-guides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13203a88392c91986f587e28ca25120b54f0c4d4ee5dd2c330c2bbbe6243203a The package sap-code-style-guides was found to contain malicious code. Source: ghsa-malware...

Malicious code in narrow-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...

Malicious code in devtools-webhook-cicd-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 807557cb6ac51aece00eeb28f55b89815176c95172780dcdded46b667f843771 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

Malicious code in ntoutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15b6e8b1974bbd5ee6ee5e5abe0619080d87644b200fd8fc410f70a2f23213ff Importing the module downloads and runs a remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in json-web-sources (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b1334dba3ed3954154395d5993332e1deb8b238be09d0adcd260e3b35d98acc The package json-web-sources was found to contain malicious code. Source: ghsa-malware 7b5b7f3896b01dd45503daa7565b91666029b06751c908d7e41fa1ccd23ca3...

Malicious code in http-notifier-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 876fd5ae23d7c051fa55647bc5b152a7905505782e78ca9536b161318d2e000f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in teligram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...

Malicious code in hardixx-code (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...

Malicious code in thread-pipeline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2d7de9849aa6d6194b8d6fdf574c6c56c3de7cb75ad338f2428fc7f1374e4280 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in web3-chain-sinon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d656a8031870a05e2b7fa8dec1f3f9b9b48c3d8de3d93df42c787c139b0693a5 The package web3-chain-sinon was found to contain malicious code. Source: ghsa-malware f522ddb6d36708e509e4e4074bed2658a3a1e4101d4a45bb588e08c611cc33...

Malicious code in web3-sinon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6990443632c3224a5e897d1747fcd76f782eda8d020447076d59cf305b03c82 The package web3-sinon was found to contain malicious code. Source: ghsa-malware 7d195e4b1eda9212f69e313de4107deae82670a9615ec25b86c8aaaf3df0e1f9 Any...

Malicious code in moveworks-pipeline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bf307b5f3cf29ebae108dfd8b8767c38bc26da4a5bb4ca3f82ed63e137921531 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in @rsgweb/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee9f14ff2b440c9d947019c65ffaa29df41116c3e35f18691cfcce733246790a The package @rsgweb/utils was found to contain malicious code. Source: ghsa-malware a9a98e6a12ac6be8573661e76ab7342baf0c83aae4d1907c482230dd5606dbc9...

Malicious code in @rsgweb/tina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fedfc10f9721045fdfa303f918c63315e6863b5acb7f3d86443a03333e1994b The package @rsgweb/tina was found to contain malicious code. Source: ghsa-malware 4636b5e7c22aa34f9aea154f9b4ca825a51ed64947c6a0c2eab7203e24967a89 A...

Malicious code in @meli-lint/eslint-config-base-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4086f80598ff1b89ade2e3e2efb54b1a60f19cdc764415d7d52738252eb98f77 The package @meli-lint/eslint-config-base-ts was found to contain malicious code. Source: ghsa-malware...

Malicious code in @sporting-life/sportinglife-be (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4b24a7ddfb4409a4f55d56daff3a71ecf2b84b8f99e99c3548b431fb9a885d The package @sporting-life/sportinglife-be was found to contain malicious code. Source: ghsa-malware...

Malicious code in @sporting-life/sportinglife-betslip-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03ea37f49a71528d3b04ca0f85062647957839058cc40ad9ce8d1a60a1dd51c6 The package @sporting-life/sportinglife-betslip-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in ac-dom-events (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f238a5b77b3e11372b1aa3ce3a92c8faf8ec01536ec65004a05051de2ec306c The package ac-dom-events was found to contain malicious code...

Malicious code in ac-dom-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e39cbc9f0e4b0b813dacd1b2dbe7211e456f56b12dc39033aaa4f20064b90e7 The package ac-dom-styles was found to contain malicious code...

Malicious code in ac-feature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4336ebc941f06184c39e082b6d53167ba1466dad57a4a05936446980dd4759b The package ac-feature was found to contain malicious code...

Malicious code in adobe_pipeline_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e438937c9c04fd06645a505f5bd509ee3c1fa942be02cefa881023f849b781 The package adobepipelinetest was found to contain malicious code...

Malicious code in ac-element-engagement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 781104558212062e46f87c009a2a0af57fb00f707c878b53dfc5a7c241cce06b The package ac-element-engagement was found to contain malicious code. Source: ossf-package-analysis...