Lucene search

225920 matches found

OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•6 views

Malicious code in syntax-async-generators (npm)

The package 'syntax-async-generators' is part of the PhantomRaven supply chain attack campaign, Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•6 views

Malicious code in declaration-block-no-ignored-properties (npm)

The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign, Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•6 views

Malicious code in transform-proto-to-assign (npm)

The package 'transform-proto-to-assign' is part of the PhantomRaven supply chain attack campaign, Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•6 views

Malicious code in import-newlines (npm)

The package 'import-newlines' is part of the PhantomRaven supply chain attack campaign, Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/14 7:17 a.m.•6 views

Malicious code in test_pkg_forppe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb7a0a95274f0d2d68d1bf6fc49d05bfc1b8a7e041147c0597e8db59c5552015 The package testpkgforppe was found to contain malicious code. Source: ghsa-malware 4f40eeeea0e63ed3d90dbfcf8f947f134cf561db8c1775a61ae4099c71c926e4...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/13 10:37 a.m.•6 views

Malicious code in twitch-security (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/13 6:55 a.m.•6 views

Malicious code in solana-pumpfun-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25b5c167c097f41d490f55b16ad2263c163b7afb898528dafb13a74f513b9181 The package solana-pumpfun-sdk was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/13 6:54 a.m.•6 views

Malicious code in @dinzid04/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75cf71f0ce959b1ec335f4481db2cc423250422c02e9bf33d40e12b6f541760 The package @dinzid04/baileys was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/13 6:48 a.m.•6 views

Malicious code in cortana-md-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686dc6172d061151a94189d41cd564a6127d00f10af75880962a357301ec135e The package cortana-md-bot was found to contain malicious code. Source: ghsa-malware a712b3a56136d272ebf1a688ff9ea1cc572023730622963df1e6e82389177d28...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/13 6:47 a.m.•6 views

Malicious code in meta-internal-logger-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1483f98fd78866cc6a27d31d99659bbb2912ec70d8771a004837f6fa46661a78 The package meta-internal-logger-drzak was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/13 6:47 a.m.•6 views

Malicious code in fusion-internal-common-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a185377a78b169ac6bc30d82d4ba1031a1a2b7024e15a17ae5a2df8bc8fefc2 The package fusion-internal-common-drzak was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/12 3:25 p.m.•6 views

Malicious code in collecters (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c17c6bb947662d942c27cdf7ca9572536ea97f7864070648eb417277cad2e71e Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score: 6
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/12 2:18 a.m.•6 views

Malicious code in libsignal-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/12 1:56 a.m.•6 views

Malicious code in b2b-common-cb-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0699be4242e2a015c76aad1b5ee1f2482f01a59017778511108ed33b8729a8e The package b2b-common-cb-lib was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/12 1:46 a.m.•6 views

Malicious code in jinja-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e79b3bda068fff4a0d32858209d995e311925bda047742e96a1c4bd5424083a The package jinja-template was found to contain malicious code. Source: ghsa-malware 777241a05ff1b9cafa5358e6127f852378179af0ed1c2c6c1ccea769cd94b398...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/11 7:43 a.m.•6 views

Malicious code in safetest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 697641cf873581d63edc257a57ab2bef9e6662b8c6afbe7917fef190e539df39 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score: 6
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/11 6:26 a.m.•6 views

Malicious code in gamma-api-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0c08011b9300cb8b734d3d0bebc12d47ba78173fd7bb3b676459217b0c2d367 The package gamma-api-provider was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/11 6:19 a.m.•6 views

Malicious code in mui-path-imports (npm)

The package 'mui-path-imports' is part of the PhantomRaven supply chain attack campaign, Wave 4. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/11 6:19 a.m.•6 views

Malicious code in clean-order (npm)

The package 'clean-order' is part of the PhantomRaven supply chain attack campaign, Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/11 6:17 a.m.•6 views

Malicious code in sort-export-all (npm)

The package 'sort-export-all' is part of the PhantomRaven supply chain attack campaign, Wave 4. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/03/10 1:4 a.m.•6 views

Malicious code in iron-media-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/09 5:31 p.m.•6 views

Malicious code in bpsm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5dfe0d38862649d74eb0c306f047d854004293223eae7cfa7f4fc82c9370bd96 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 5.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/09 4:1 p.m.•6 views

Malicious code in tw-modern-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5263f4880e1caf988c78cea312bf9087935eadf7367438ca98023d0b03a5ab12 The package tw-modern-ui was found to contain malicious code. Source: ghsa-malware 739792de3e777b4dcdf28cf380425a6e0e3082c65f5f72ff73d4ae60ed685d98 A...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/08 7:35 p.m.•6 views

Malicious code in aioutil3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...

AI score: 5.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/08 5:12 p.m.•6 views

Malicious code in simple-text-parser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 028015ffba2e58b87cbc6405ccb9358c194b81fafea44e7359587509510d4027 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

AI score: 5.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/08 2:53 p.m.•6 views

Malicious code in demozecob (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6e22f0d73fc85bdf6e0948da43079380af2a809146077afae2fd451315397e0 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

AI score: 5.9
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/08 2:13 p.m.•6 views

Malicious code in pyutils-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1055c03077c874d21f69aa9403cebd070e2b7398e27b44310c977219bc0e7a Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/06 2:37 p.m.•6 views

Malicious code in @shenira/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3952357e13678bb1abb18600854c622a3c5596cff93e8cc3ba309a6f51fccb1f The package @shenira/baileys was found to contain malicious code. Source: ghsa-malware a2914e7416552719c1008f077553702efc5d7710bc760aa34eeaeede86535b...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/06 2:26 p.m.•6 views

Malicious code in test-mal-npm-pkg-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9e953edc529bc6611e9adac05b4738ab0ea950259e50cb2ea1067f07d9ecf7 The package test-mal-npm-pkg-2 was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/06 7:19 a.m.•6 views

Malicious code in pino-sdk-v2 (npm)

Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious package/lib/tools.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a The...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/05 4:49 p.m.•6 views

Malicious code in @imhuman/corp-build-utils-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6184a6191df94d0d85ce593a41435ea200b954b17ce7a90c83cd1fb6ec5453db The package @imhuman/corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/05 4:49 p.m.•6 views

Malicious code in @imhuman/fw-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/05 4:18 p.m.•6 views

Malicious code in pear-apps-lib-ui-react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/05 3:50 p.m.•6 views

Malicious code in pearpass-lib-data-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/05 3:33 p.m.•6 views

Malicious code in pearpass-lib-data-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ab28e159d40d36665a0a745f8ff8a2f9d55884bfaff1f019638560083aaf42 The package pearpass-lib-data-import was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/05 3:5 p.m.•6 views

Malicious code in spectral-corsair-navigator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4faab7d9e9e24067cf0a0ef23c529b2622cbb91b654a35430742ec584b827a54 The package spectral-corsair-navigator was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/04 2:25 p.m.•6 views

Malicious code in pearpass-lib-vault (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9729170ea50dd87efd7011a6f482d6ddae18cb1c53f5fd755c3ce10f9e23448 The package pearpass-lib-vault was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 11:29 p.m.•6 views

Malicious code in dakhara (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f530f4be41fa64a7275884280c22fb98a85accb8ef50538cd7677a109bfe3e29 Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin. --...

AI score: 6.1
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 3:37 p.m.•6 views

Malicious code in xrpl-dev-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19d7ccfb5e9bebce90f062b458b8ac38691519308db3cb6bf846b54a387dad9 The package xrpl-dev-portal was found to contain malicious code. Source: ghsa-malware 4fda3daad7ee020ce9cee13e48a40a89de8040cc479f0c4ac9687198ccd576c...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 3:23 p.m.•6 views

Malicious code in demo-pipelinetest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:50 a.m.•6 views

Malicious code in chai-as-mock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 303ff6a2f2561ea67c1d084cbfc1ebdd5364668aab3d06257cb2cbeea42ce5a3 The package chai-as-mock was found to contain malicious code. Source: ghsa-malware 6ab0e6eb41241ac06a623d9e7fa230c2d68067904fd48aa422ab8c2db1cd23e4 A...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:49 a.m.•6 views

Malicious code in cmc-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7378c3fbef6f6a80690e0834d8bb1b459165cc9b55bc4d2ac2dcc0c1a574983a The package cmc-client was found to contain malicious code. Source: ghsa-malware 5986e6b65452c046e565efac71b9b6ce753244cfb1c7f2d7ce11751a5f827f69 Any...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:47 a.m.•6 views

Malicious code in tailwindcss-form-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:46 a.m.•6 views

Malicious code in tailwindcss-fonts-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 111ae70ed7d5ecb92401f00f8d9309b7cc99749c16a3ffab3b448b02b8224037 The package tailwindcss-fonts-bundler was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:45 a.m.•6 views

Malicious code in tailwindcss-forms-animation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5581b4e4ac6d5e02fe8dd2de23b1267ad2ac1b40a0c5be4cd284af8c6979588 The package tailwindcss-forms-animation was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:45 a.m.•6 views

Malicious code in mongoose-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8158b4b1cc5affba57a810926c5765a7af056b7e89cf2ce07da0615144bac920 The package mongoose-apis was found to contain malicious code. Source: ghsa-malware b967e890598bf7e59192b0eb97d1c9ef5d00f60f2730955e684e67b3acfe888f...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:42 a.m.•6 views

Malicious code in typescript-constructors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844c09a21118cd1492d232a90aba55fce7e45e4558fe560c47b8a8c347138b89 The package typescript-constructors was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:39 a.m.•6 views

Malicious code in selfbot-lofy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef24f8180f463b198ff4fea466684c4439a31102aead233f8faa51b587ac0bb9 The package selfbot-lofy was found to contain malicious code. Source: ghsa-malware 1af8492fa4885fa5b969d5ef3947595dffa2f959bb4e1de73b9ca504dec215a8 A...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:38 a.m.•6 views

Malicious code in @powpegtest/powpeg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0acf5c813243b7a0b83c02048de4112604eb9ad97d612f3822206a0cfbf174ad The package @powpegtest/powpeg was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/03/03 6:38 a.m.•6 views

Malicious code in demo-ip-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f9378de5524843952c850c47aae7cc5373145c2b41032b764da720e9a0656f The package demo-ip-package was found to contain malicious code. Source: ghsa-malware 9377708b245cac5b751ac6dc75d9218b993bcb4cebed6f2049a542868f5df31...

AI score: 5.7
Exploits: 0, References: 1
Total number of security vulnerabilities: 5000