225893 matches found
Malicious code in n8n-nodes-format-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b8b8fc0a97b9f9e3203a35534d7ff6518dbe0e53753093610315382e5f40b0e The package n8n-nodes-format-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in n8n-nodes-text-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8561abc8b8800ed722b922924d4f46013117dedc5153d4faa18ecfa7f839106 The package n8n-nodes-text-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in supplychain-security-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2655712e00f8c5bf90b5a945bc60c2fd3c109d2719ec7b161114f86343741ee1 The package supplychain-security-demo was found to contain malicious code. Source: ghsa-malware...
Malicious code in @jaime9008/math-service (npm)
Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...
Malicious code in polymarket-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6c5cc93272b23bb8876a4c2f2ce61ec7887bdeb6b89846a0c385022a156c6ca The package polymarket-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in pretty-changelog-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in omhcsilence-bails (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f5390575abcab0cfc57edaae4aa14d27eab897c1639fab8a502fcda0760adc3 The package omhcsilence-bails was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-remove-debugger (npm)
The package 'transform-remove-debugger' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-jsbi-to-bigint (npm)
The package 'transform-jsbi-to-bigint' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-react-jsx (npm)
The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in prefer-let (npm)
The package 'prefer-let' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
Malicious code in vue-scoped-css (npm)
The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Malicious code in transform-for-of (npm)
The package 'transform-for-of' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-member-expression-literals (npm)
The package 'transform-member-expression-literals' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
Malicious code in transform-modules-systemjs (npm)
The package 'transform-modules-systemjs' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in vitest-globals (npm)
The package 'vitest-globals' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Malicious code in syntax-decorators (npm)
The package 'syntax-decorators' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in typescript-vue-apollo-smart-ops (npm)
The package 'typescript-vue-apollo-smart-ops' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-typescript (npm)
The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in pear-wrk-wdk (npm)
The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
Malicious code in syntax-function-bind (npm)
The package 'syntax-function-bind' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in syntax-async-generators (npm)
The package 'syntax-async-generators' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in declaration-block-no-ignored-properties (npm)
The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
Malicious code in transform-proto-to-assign (npm)
The package 'transform-proto-to-assign' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in import-newlines (npm)
The package 'import-newlines' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in jam3 (npm)
The package 'jam3' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com. During...
Malicious code in typescript-resolvers (npm)
The package 'typescript-resolvers' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in test_pkg_forppe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb7a0a95274f0d2d68d1bf6fc49d05bfc1b8a7e041147c0597e8db59c5552015 The package testpkgforppe was found to contain malicious code. Source: ghsa-malware 4f40eeeea0e63ed3d90dbfcf8f947f134cf561db8c1775a61ae4099c71c926e4...
Malicious code in twitch-security (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...
Malicious code in solana-pumpfun-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25b5c167c097f41d490f55b16ad2263c163b7afb898528dafb13a74f513b9181 The package solana-pumpfun-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @dinzid04/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75cf71f0ce959b1ec335f4481db2cc423250422c02e9bf33d40e12b6f541760 The package @dinzid04/baileys was found to contain malicious code. Source: ghsa-malware...
Malicious code in cortana-md-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686dc6172d061151a94189d41cd564a6127d00f10af75880962a357301ec135e The package cortana-md-bot was found to contain malicious code. Source: ghsa-malware a712b3a56136d272ebf1a688ff9ea1cc572023730622963df1e6e82389177d28...
Malicious code in meta-internal-logger-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1483f98fd78866cc6a27d31d99659bbb2912ec70d8771a004837f6fa46661a78 The package meta-internal-logger-drzak was found to contain malicious code. Source: ghsa-malware...
Malicious code in fusion-internal-common-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a185377a78b169ac6bc30d82d4ba1031a1a2b7024e15a17ae5a2df8bc8fefc2 The package fusion-internal-common-drzak was found to contain malicious code. Source: ghsa-malware...
Malicious code in collecters (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c17c6bb947662d942c27cdf7ca9572536ea97f7864070648eb417277cad2e71e Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in libsignal-mod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...
Malicious code in b2b-common-cb-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0699be4242e2a015c76aad1b5ee1f2482f01a59017778511108ed33b8729a8e The package b2b-common-cb-lib was found to contain malicious code. Source: ghsa-malware...
Malicious code in jinja-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e79b3bda068fff4a0d32858209d995e311925bda047742e96a1c4bd5424083a The package jinja-template was found to contain malicious code. Source: ghsa-malware 777241a05ff1b9cafa5358e6127f852378179af0ed1c2c6c1ccea769cd94b398...
Malicious code in safetest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 697641cf873581d63edc257a57ab2bef9e6662b8c6afbe7917fef190e539df39 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in gamma-api-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0c08011b9300cb8b734d3d0bebc12d47ba78173fd7bb3b676459217b0c2d367 The package gamma-api-provider was found to contain malicious code. Source: ghsa-malware...
Malicious code in mui-path-imports (npm)
The package 'mui-path-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in clean-order (npm)
The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in sort-export-all (npm)
The package 'sort-export-all' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in iron-media-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...
Malicious code in bpsm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5dfe0d38862649d74eb0c306f047d854004293223eae7cfa7f4fc82c9370bd96 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in tw-modern-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5263f4880e1caf988c78cea312bf9087935eadf7367438ca98023d0b03a5ab12 The package tw-modern-ui was found to contain malicious code. Source: ghsa-malware 739792de3e777b4dcdf28cf380425a6e0e3082c65f5f72ff73d4ae60ed685d98 A...
Malicious code in simple-text-parser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 028015ffba2e58b87cbc6405ccb9358c194b81fafea44e7359587509510d4027 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecob (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6e22f0d73fc85bdf6e0948da43079380af2a809146077afae2fd451315397e0 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in pyutils-helper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1055c03077c874d21f69aa9403cebd070e2b7398e27b44310c977219bc0e7a Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in @shenira/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3952357e13678bb1abb18600854c622a3c5596cff93e8cc3ba309a6f51fccb1f The package @shenira/baileys was found to contain malicious code. Source: ghsa-malware a2914e7416552719c1008f077553702efc5d7710bc760aa34eeaeede86535b...