226442 matches found
Malicious code in sq-minimal-feature-flags (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in rubylogger (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in resolvrtest (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in rafka-rb (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in doctolib (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in suficloud (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in prometheus-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in elleuchdhsolvepwn (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in bsure.utils (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in rowrap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 606ce541a3ef4a98e4e1639e96c6431e7ec83be6f987c640a63c03991eae4f6e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...
Malicious code in ember-power-calendar-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in graphlib-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...
Malicious code in n8n-nodes-format-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b8b8fc0a97b9f9e3203a35534d7ff6518dbe0e53753093610315382e5f40b0e The package n8n-nodes-format-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in @jaime9008/math-service (npm)
Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...
Malicious code in typescript-vue-apollo-smart-ops (npm)
The package 'typescript-vue-apollo-smart-ops' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-dev-warning (npm)
The package 'transform-dev-warning' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in vue-scoped-css (npm)
The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Malicious code in transform-member-expression-literals (npm)
The package 'transform-member-expression-literals' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
Malicious code in transform-modules-systemjs (npm)
The package 'transform-modules-systemjs' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-react-jsx (npm)
The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in @storylane/uikit (npm)
The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-es2015-duplicate-keys (npm)
The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-for-of (npm)
The package 'transform-for-of' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-typescript (npm)
The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in dgl-cu117 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...
Malicious code in fastapi-middleware-cors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...
Malicious code in tradepmr-fusion-core-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c349b8764d0420102fac6617d31810af64e670f6939bed61097a46458ab41c4 The package tradepmr-fusion-core-drzak was found to contain malicious code. Source: ghsa-malware...
Malicious code in spectral-corsair-my-backdoor (npm)
Malicious package detected. Suspicious preinstall script exfiltrates data to a remote server. Multiple YARA rules and LLM analysis confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0826a28f7948e68cdddd6260a01c3653a7f04deb2c9368054243ed47713ee353 The packa...
Malicious code in libsignal-mod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...
Malicious code in collectables (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e007c43e26edb912325f1478ec6cd5cd838b5d7e5ae62beedd3baa02638b3dc4 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in anontest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in iron-fit-behavior (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d3440b6e1d8f6bfca21cf53c207a766d966cc2ba5033d8557c044c91a8b950 The package iron-fit-behavior was found to contain malicious code. Source: ghsa-malware...
Malicious code in iron-media-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...
Malicious code in jsonify-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...
Malicious code in demozecosse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in hostlists-plugins-default (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21b72625bb74661ae95d3317fe4384105bb6dd6d026b049f84a192aeeeeae9df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @shenira/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3952357e13678bb1abb18600854c622a3c5596cff93e8cc3ba309a6f51fccb1f The package @shenira/baileys was found to contain malicious code. Source: ghsa-malware a2914e7416552719c1008f077553702efc5d7710bc760aa34eeaeede86535b...
Malicious code in pearpass-lib-data-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...
Malicious code in nf-referral-backend-placeholder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44ad77b1a6ac52b4914c8516043f3f52e27f4a328b2940bf5b4d9c63e66662b2 The package nf-referral-backend-placeholder was found to contain malicious code. Source: ghsa-malware...
Malicious code in spectral-corsair-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4faab7d9e9e24067cf0a0ef23c529b2622cbb91b654a35430742ec584b827a54 The package spectral-corsair-navigator was found to contain malicious code. Source: ghsa-malware...
Malicious code in dakhara (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f530f4be41fa64a7275884280c22fb98a85accb8ef50538cd7677a109bfe3e29 Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin. --...
Malicious code in optimal-spark-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...
Malicious code in demo-pipelinetest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...
Malicious code in gaia-marionette (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81308c35c4cad5bf3f87f791133f9aff53485b715060135829785be1d33b2e1d The package gaia-marionette was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in turbo-json-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...
Malicious code in typescript-constructors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844c09a21118cd1492d232a90aba55fce7e45e4558fe560c47b8a8c347138b89 The package typescript-constructors was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwindcss-forms-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a402948dc389c4a201ac4271a843d78a5131d377a3904fe178b51c6aef5adb The package tailwindcss-forms-component was found to contain malicious code. Source: ghsa-malware...
Malicious code in bmath (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b73a3f9e6d238ce5727a57fc31cba103d7e055670b067f001099b8f0c487519b The package bmath was found to contain malicious code. Source: ghsa-malware c3d39abb57e51336f455810ef3c907094fe6636bd1c6acf046edfa02720968d6 Any...
Malicious code in @powpegtest/powpeg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0acf5c813243b7a0b83c02048de4112604eb9ad97d612f3822206a0cfbf174ad The package @powpegtest/powpeg was found to contain malicious code. Source: ghsa-malware...
Malicious code in demo-ip-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f9378de5524843952c850c47aae7cc5373145c2b41032b764da720e9a0656f The package demo-ip-package was found to contain malicious code. Source: ghsa-malware 9377708b245cac5b751ac6dc75d9218b993bcb4cebed6f2049a542868f5df31...