Malicious code in aiihttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

Malicious code in atm_bmw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aca0601b1d8613895ac524d33f93ab92365d464e80eb526e58e2ca919abba129 The package atmbmw was found to contain malicious code. Source: ghsa-malware 20fd437233c7e774bdca9f661a997a94bd0d8373866763c3638f9bc12c588c5e Any...

Malicious code in kid-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc35802113ea5c7ac4e3d956e72af4ce3fbc5a9b3b8fc4c9d610d158d65250a The package kid-api was found to contain malicious code...

Malicious code in showdownxss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bc880126bd2e6f146d20b5f0ffac063167334b69f8a27a8e39446e2aa60ab1a The package showdownxss was found to contain malicious code...

Malicious code in pdatainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 671a0098c14338197a26cb64b7f5c35c0e741f3151313fff784bc7a4862ad579 Package is designed to download and execute a remote script, but the script itself seems to be broken missing or wrong URLs. It's most probably a test before...

Malicious code in common-cli-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b4c7bdeaa334d938afac649a1c3195ff47bf6fef18168e78b61ad22c6252450 The package common-cli-utils was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @vietmoney/react-native-htmlview (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82606664e32d7050a729171d5dac24f54950e90b7259a7f90a582e94632fcc61 The package @vietmoney/react-native-htmlview was found to contain malicious code. Source: ghsa-malware...

Malicious code in landingpage-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d33042e8f056ce06ca8931599f3a0d11547dd6a7d11d2f74ecc0140bd247533 The package landingpage-service was found to contain malicious code. Source: ghsa-malware...

Malicious code in broooxddd1414 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96d927b6bf59d0d5aeea78de6b99df11c32ad0e467da980917a16703d5a1c0d1 Package tests possible malicious actions during installation by starting notepad. There is no other functionality, it's clearly a test of possible malicious...

Malicious code in shopify-app-react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d58b68abe183faeee5b24e4b524d982d1c78881c8d0c48dd847411bf8fc087e6 The package shopify-app-react-router was found to contain malicious code. Source: ghsa-malware...

Malicious code in cdd-plugin-for-datawarrior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab7ca6ae4de6f4b1898f1507f69f89459ab40983852692e28a6b599f9e2318f The package cdd-plugin-for-datawarrior was found to contain malicious code. Source: ghsa-malware...

Malicious code in express-js-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e922c32d1b163c8938985f7665f539243b9be99316491150e61476d30cf0ce68 The package express-js-web was found to contain malicious code. Source: ghsa-malware 50f874487616a31800182c5b87aec47559f7136d5ed3a84355446b795a3137d7...

Malicious code in ugc-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd0991cb1cc7098930838b404210022aa2667d78f2884417f449d85e90fb12 The package ugc-kit was found to contain malicious code. Source: ghsa-malware 4e44ecda4e96910709480e50046146e482992e36fb2e8429211e1f653376d123 Any...

Malicious code in crypo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a0850548e71807fb514fcd1943f55f7c3bd6408086ff7a495d7df628a083db9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in telebot-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae13454f920b5cce1011546e4802ed263ce8218d4b484ef8471142abb42c3f3e The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Malicious code in ing-feat-auth-idin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55080ac00ebd2c937db80d93324226b3fbb9dda607619f44d94dd4c09a8ba0fc The package ing-feat-auth-idin was found to contain malicious code. Source: ghsa-malware...

Malicious code in dotjsenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 199e0e242516cf235f3d4f4d7b7921f7b52573e674bd76da515939782a81c153 The package dotjsenv was found to contain malicious code. Source: ghsa-malware b4dd239728dde802ec7a7aadd85d2a9f1c5c3e8b83e5f19b92a2afab16d1cd1c Any...

Malicious code in start-log-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 209207b530cc6132d223aef076b74b150c66f7ccdfb2672191a14dee02307daa The package start-log-backend was found to contain malicious code. Source: ghsa-malware...

Malicious code in qxytest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8a49d4366751e26ed3fc66c1a478073c6d45eb5c8b92975a4827491e8ab108 The package qxytest was found to contain malicious code. Source: ghsa-malware f6079d7fcf20fd88c7195d9f4b2e7f2fcde1e43e6783075abae2b7450da08cfe Any...

Malicious code in chai-async-chains (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dfd7db9210fae054def8abcb6989e1158a4774dbec18c08ac6eebcbf95ef753 The package chai-async-chains was found to contain malicious code. Source: ghsa-malware...

Malicious code in rpc-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6c08295788ac997e7566fad616096d89ea31e26771abbd32fb6d42f199875f2 The package rpc-validate was found to contain malicious code. Source: ghsa-malware 95f6f8651242afb77a3d28835bf912aacbfc4e3abbc3da2313fb6c3bd0c12ed1 A...

Malicious code in stripe-server (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in sq-mdc (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in space-commander (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in queenbee-plugin (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 705c314b786f674b8b06825a6211d1595db25022404041a4d8760b4094e863e1 The OpenSSF Package Analysis project identified 'queenbee-plugin' @ 99.0.7 rubygems as malicious. It is considered malicious because: - The...

Malicious code in prometheus_client_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in macklemore (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in haybales (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in critter (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in chalk-thrift (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in react-flex-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ab5b4a0a39a8b9ccc5dd27ea7207f3006128207203ee8ceb99dbef4be0ec9d3 The package react-flex-tools was found to contain malicious code...

Malicious code in json-panels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14bb299cb1e56d4f7b4d57f302ae1b026008c1774c15d82f34339ce9aca711da The package json-panels was found to contain malicious code...

Malicious code in elf-stats-whimsical-cocoa-243 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cc53399082cbb4f8892379f948e5f722e61eadeea23b223f26369651efefa0 The package elf-stats-whimsical-cocoa-243 was found to contain malicious code...

Malicious code in elf-stats-sleighing-hammer-902 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b59e6f3e736d07e9305a2c51519d0635a8c24eca451d83955f59221c5f5fb29 The package elf-stats-sleighing-hammer-902 was found to contain malicious code...

Malicious code in elf-stats-glittering-cookie-844 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35d3fbb5614bda10029530cf75770c8dbd32439a26872c6f095c738d2ab33b21 The package elf-stats-glittering-cookie-844 was found to contain malicious code...

Malicious code in chai-as-validated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac732b7c822ce779d3d7579dba60aef4d3d11aadbd5ee31db0eab0e240833634 The package chai-as-validated was found to contain malicious code. Source: ghsa-malware...

Malicious code in assert-json-not (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad56c36eacf8881039723de4379e14983280b611dba15585274909b1a3c1b326 The package assert-json-not was found to contain malicious code...

Malicious code in dc-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebfb103084f405558fdf917f0a86459bab97acfba22382d7f24afdb54d9964bc The package dc-extras was found to contain malicious code. Source: ghsa-malware 39af403fc6b31b58318c30ecab3f3348a044fd0a6d7918d7f355921c639f85aa Any...

Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

Malicious code in unizip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36d788bf5be2a646474da2cb929d2b24c328cd5bbd997697780a15da181d1053 During initialization of the archive-support class, the package download and executes remote malicious code --- Category: MALICIOUS - The campaign has clearly...

Malicious code in github-badge-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f427bc7bcd3bfb173311bffdab461e2c6fc5350dc9ab3f7dc5e9a4ef6d16728 The package github-badge-bot was found to contain malicious code. Source: ghsa-malware f87cd6af8d38dd37db1b6aca4f637451fe3303fa73ed0705216e3711bc4d01...

Malicious code in runtimeutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d312906cc585fcd02b2ac0b52bb04a23b0294532e3625c7f5e27bf1e4b51e4a Importing the module, downloads and starts a malicious executable identified as infostealer. Based on Telegram links, this is related to the 2025-12-synium...

Malicious code in meta-code-verify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe9ef66b25262f4d7762d8eb0da5f1eb463ee0dce0e8c8a381afafafc7ac364 The package meta-code-verify was found to contain malicious code. Source: ghsa-malware 20e17f2a738903ebfbb0686c72b499a7788fb35d071f3a6d2abf01b71204cb...

Malicious code in jest-stable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d02daf523039c3df603f4e65bf270eab31b72c3d891d9be87a53c99c77950bfa The package jest-stable was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ddos-gacor-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32622783fe9401d4c567f638a03e43b4559383e7f853ff0457f7f301420f95e9 The package ddos-gacor-v2 was found to contain malicious code. Source: ghsa-malware 3192709ec1aa7bcf745ab018eb8d6a537ace33453acda64299ef30193f8d64a9...

Malicious code in wifi-killer-xnet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc233a0f06c7d7ecc69b5b2166295c9e8b63c8c05198355f8f80295907125e17 The package wifi-killer-xnet was found to contain malicious code. Source: ghsa-malware 98f1d50e89f69d69cfae05f464ddc4db1ea8e83fb48168cad1f75c87d4705a...

Malicious code in zebracros-bahlil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd1584c60176e7489fa7d40f80dd373fc228d0cb39052fb1e6b5e638f955d229 The package zebracros-bahlil was found to contain malicious code. Source: ghsa-malware c31864656b362790c68a366d8374f2f6ab6b6d8ddf9c04f49cca4eceee2a9e...

Malicious code in sonia3-npm-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 339534853ebcb623a903a0515ab9ae854edaac8fdfec58d3edb454c501238d19 The package sonia3-npm-js was found to contain malicious code. Source: ghsa-malware 3b951ad6a6c46f78a032c0c93db496b6b13cfadccf178f195cd6c3f28531ed1e...

Malicious code in yt-smm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3641ecf42237a55c9fb81c4368aa7b83a42d2110a64a733f45d27005cf38dc26 The package yt-smm was found to contain malicious code. Source: ghsa-malware b4d96978cd4e109ed8b360f551af24fd1621dd659f63a490c9de077b587f607b Any...

Malicious code in pwnxmljs2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d75eeb837f4024f3920feb26929799feba135cabde043784e6c507307f53e93c The package pwnxmljs2 was found to contain malicious code. Source: ghsa-malware 9af680322f600f8fa1071354bd332d92ccbdf912f8005a7eb68aff2f2b895b79 Any...