225893 matches found
Malicious code in test-mal-npm-pkg-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9e953edc529bc6611e9adac05b4738ab0ea950259e50cb2ea1067f07d9ecf7 The package test-mal-npm-pkg-2 was found to contain malicious code. Source: ghsa-malware...
Malicious code in pino-sdk-v2 (npm)
Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious package/lib/tools.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a The...
Malicious code in @imhuman/corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6184a6191df94d0d85ce593a41435ea200b954b17ce7a90c83cd1fb6ec5453db The package @imhuman/corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in @imhuman/fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-lib-ui-react-hooks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-data-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-data-import (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ab28e159d40d36665a0a745f8ff8a2f9d55884bfaff1f019638560083aaf42 The package pearpass-lib-data-import was found to contain malicious code. Source: ghsa-malware...
Malicious code in spectral-corsair-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4faab7d9e9e24067cf0a0ef23c529b2622cbb91b654a35430742ec584b827a54 The package spectral-corsair-navigator was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-vault (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9729170ea50dd87efd7011a6f482d6ddae18cb1c53f5fd755c3ce10f9e23448 The package pearpass-lib-vault was found to contain malicious code. Source: ghsa-malware...
Malicious code in dakhara (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f530f4be41fa64a7275884280c22fb98a85accb8ef50538cd7677a109bfe3e29 Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin. --...
Malicious code in xrpl-dev-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19d7ccfb5e9bebce90f062b458b8ac38691519308db3cb6bf846b54a387dad9 The package xrpl-dev-portal was found to contain malicious code. Source: ghsa-malware 4fda3daad7ee020ce9cee13e48a40a89de8040cc479f0c4ac9687198ccd576c...
Malicious code in demo-pipelinetest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 303ff6a2f2561ea67c1d084cbfc1ebdd5364668aab3d06257cb2cbeea42ce5a3 The package chai-as-mock was found to contain malicious code. Source: ghsa-malware 6ab0e6eb41241ac06a623d9e7fa230c2d68067904fd48aa422ab8c2db1cd23e4 A...
Malicious code in cmc-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7378c3fbef6f6a80690e0834d8bb1b459165cc9b55bc4d2ac2dcc0c1a574983a The package cmc-client was found to contain malicious code. Source: ghsa-malware 5986e6b65452c046e565efac71b9b6ce753244cfb1c7f2d7ce11751a5f827f69 Any...
Malicious code in tailwindcss-form-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwindcss-fonts-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 111ae70ed7d5ecb92401f00f8d9309b7cc99749c16a3ffab3b448b02b8224037 The package tailwindcss-fonts-bundler was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwindcss-forms-animation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5581b4e4ac6d5e02fe8dd2de23b1267ad2ac1b40a0c5be4cd284af8c6979588 The package tailwindcss-forms-animation was found to contain malicious code. Source: ghsa-malware...
Malicious code in mongoose-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8158b4b1cc5affba57a810926c5765a7af056b7e89cf2ce07da0615144bac920 The package mongoose-apis was found to contain malicious code. Source: ghsa-malware b967e890598bf7e59192b0eb97d1c9ef5d00f60f2730955e684e67b3acfe888f...
Malicious code in typescript-constructors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844c09a21118cd1492d232a90aba55fce7e45e4558fe560c47b8a8c347138b89 The package typescript-constructors was found to contain malicious code. Source: ghsa-malware...
Malicious code in selfbot-lofy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef24f8180f463b198ff4fea466684c4439a31102aead233f8faa51b587ac0bb9 The package selfbot-lofy was found to contain malicious code. Source: ghsa-malware 1af8492fa4885fa5b969d5ef3947595dffa2f959bb4e1de73b9ca504dec215a8 A...
Malicious code in @powpegtest/powpeg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0acf5c813243b7a0b83c02048de4112604eb9ad97d612f3822206a0cfbf174ad The package @powpegtest/powpeg was found to contain malicious code. Source: ghsa-malware...
Malicious code in demo-ip-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f9378de5524843952c850c47aae7cc5373145c2b41032b764da720e9a0656f The package demo-ip-package was found to contain malicious code. Source: ghsa-malware 9377708b245cac5b751ac6dc75d9218b993bcb4cebed6f2049a542868f5df31...
Malicious code in hiagentevilmcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e09d1f143c91999c7fa8d60f7aa4164df3faf284036d40e6b655020c49bdb83 The package hiagentevilmcp was found to contain malicious code. Source: ghsa-malware 209c7d8065878076cf2456b7c62417093a08c273371a3bcc6059b240be5b3223...
Malicious code in @snazaah/davey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0f71f42be87797ef9a1316bba8adb9bdef08cc765a42d1b707487f790846af The package @snazaah/davey was found to contain malicious code. Source: ghsa-malware 1e647d7cf3afc1b7a160585b664e75a2515b6b9e00925bdbc30e20625731d490...
Malicious code in graph-dynamic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc9e411d29d7d359cf81fe3140dc3cee9d1583e20ad8bbf32ca9fb9e6e09860 The package graph-dynamic was found to contain malicious code. Source: ghsa-malware 2662ddb0770767495266ae6388242dbeb6fd0dfde8015252228968e4d28e1ad1...
Malicious code in @yazxzpedia/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08315dc93aa54eae49255b5673bbab178db235ce913d7208ba61bcdae34949c5 The package @yazxzpedia/baileys was found to contain malicious code. Source: ghsa-malware...
Malicious code in pool-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 307e708d931ed9e7fc3cadd2e2daf55f69a216e6048275ae16db575e4939c805 The package pool-check was found to contain malicious code. Source: ghsa-malware 2da2c8462239a3dee4b27482f6d094115705cafcf589553f6836bc871a921ae8 Any...
Malicious code in wisecloudsecrets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e4ed4357b3e8038ef404e043cc63aafe6484b20d94267c4f024a27d840a4a2fc During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in fwk-amigapython (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8b565888509e90341d144143aa8e323b0e295d74f3857af52d94930d9d03a30f During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in colorize-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f4e60bdcd92f4f5690797fa091f0acb0a463de5c353ded0f6f5e7317a2f84eb The package colorize-console was found to contain malicious code. Source: ghsa-malware a0e5faaa04c5e7d06c634dc2be1f148aa27acb8842f1731dad902bdb3e33d1...
Malicious code in @daffadeveloper/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56c4d6e1233759183f848159d1b47ee443d914e4ce13251df4518a1a5becdbc6 The package @daffadeveloper/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in ts-big-number (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...
Malicious code in js-nodecat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c204576b5f5aefba60246b88360a50e23f958c2023883088bdf6a151ccb7d9 The package js-nodecat was found to contain malicious code. Source: ghsa-malware 1f19647e158d2037b4d4d79e931211560b4b7c72e33defc94f8c4552775f601b Any...
Malicious code in hapi-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90adf52f1b608bcddb8f6471e64ded19817bef1b8aa1715256182f0e7a3ab690 The package hapi-lint was found to contain malicious code. Source: ghsa-malware 388b8a57423bf6789ce0a82c22d6856663fcbc1cd2ff7ce5c6f7ef701567c19e Any...
Malicious code in formmiderable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a421f6bd77d5bfcd4d08aaedcffd8b55c430c85084ccce52372a6700eaac6d50 The package formmiderable was found to contain malicious code. Source: ghsa-malware 5d9ce26e5d5c2d433753869317d12725c4dfdb05728a86f4acf96b75f8d16d50...
Malicious code in pyclogger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b43b78466684583bb9a90ced072406566a033523e3b0d2b9032a4dae763ac84c Package contains an infostealer exfiltrating Discord tokens and saved browser credentials to a hardcoded location. --- Category: MALICIOUS - The campaign has...
Malicious code in @dgxeon/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 431d9b11b162e92f20bd17a9dfcc9f722baf4fb83f1d813d4f5ab29c590f837f The package @dgxeon/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in @skyzopedia/brat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7928fe6b128de0686bbc2619dd9015f58d8f2a38d50911f33d8886b323c6df5 The package @skyzopedia/brat was found to contain malicious code. Source: ghsa-malware 0eb0067d76f7f026901f7d29398dd55485b8fa6a59af7bdbfbdb40d6f97b7e...
Malicious code in @skyzopedia/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2374557a2e5bb837db215803d8633eccba2c9eb2ba8ad4ad709f7e93246e117b The package @skyzopedia/baileys was found to contain malicious code. Source: ghsa-malware...
Malicious code in @skyzopedia/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2851df7c45fca156556e4b7c5fef4c60ed254a43c4e6e51c6e02d8b5ca5a20 The package @skyzopedia/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in @skyzopedia/ubot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb7b890828aacf5b41748819446c1c5d9627b47ea308e06e68ac2b8c3da1b064 The package @skyzopedia/ubot was found to contain malicious code. Source: ghsa-malware f5c54f0d0ad14b598ab988dc3b30f210453e0c0a4e4c6dc9e7fdc98ab95fb7...
Malicious code in libsignal-skyzopedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81533378b0d096fcc0993f0ed9354dab8557c619e4a872c6a01c4df07aeedaf The package libsignal-skyzopedia was found to contain malicious code. Source: ghsa-malware...
Malicious code in express-core-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4917c569276f08ce3f25d5426d0621945c0664c14badaff37739cde37fba05b The package express-core-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in nuget-task-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711e93cd10681dc29d8c8eea7b459d982383f7b78d0c5fdc73e9398aff953a90 The package nuget-task-common was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in windowston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6a92aff7b9a6be04f3050f1895e2d53e77dd8c9eba110c970ab59c7d003d81 The package windowston was found to contain malicious code. Source: ghsa-malware 87bbab5dffef9e8b05cc36129ad2ac67f2c980f4b85ee393b0f23ee8fa15fd85 Any...
Malicious code in ts-packer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...
Malicious code in neural-compressor-jax (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bb1f58a45ef1a06954d1807517faea8790a771906e95a98d571587558244ea3f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in duer-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6a00caf26e2e34291c939e8d0351324c884ba9d9c5b74e5cb9c8d78177a999 The package duer-js was found to contain malicious code. Source: ghsa-malware e7255816711503f7b2f4febb10e3d2d8ef36d2e3067366ece224ad3816fbf03c Any...
Malicious code in sample-custom-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ade5f035c4d3f9fe74cfc0626c8ac011eeea6e88040376a03abee9cdf05290b7 The package sample-custom-component was found to contain malicious code. Source: ghsa-malware...
Malicious code in @schedaero/react-core (npm)
Multiple suspicious behaviors: suspicious URL, data exfiltration, process termination, preinstall script, and few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9a3637e4c85401af7944fe82cfd79a91d69797ef89cf50334fc3e5bf4fac0e6 The package...