225893 matches found
Malicious code in iru-caches (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bedff4313b653182b12500ff93779e0605bbd045470b58245a0ab47629e3404f The package iru-caches was found to contain malicious code. Source: ghsa-malware 2f24ac88d53abde060c0a707ee445377609019c4e9f93e40218672b204cb50ff Any...
Malicious code in iruchache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89a5662924927fa4f51ea9338e9e71722d8554754b9c6a42d20651fbf209ed1 The package iruchache was found to contain malicious code. Source: ghsa-malware b44470c4008c04639889f53b9b4ab430335013659859007be3c55f551d2d68a9 Any...
Malicious code in suport-color (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa28b384b2a4def64b3573ce8177cb8db3790508b4ad7b2b92345ffa222193e8 The package suport-color was found to contain malicious code. Source: ghsa-malware ca2fb15b3d908dd99e112e290646122d415a0a43d135631603a0a007e172ef8f A...
Malicious code in opencraw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaed661cc51e76234fc6cba7587b973903e00bbacd33da7114aeb726d957b577 The package opencraw was found to contain malicious code. Source: ghsa-malware 5bc39adf3939792f918a50cbc9a9952a11d950e361d83d5631449f20ad634945 Any...
Malicious code in cloude-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ec24ba80068a14617a513915da6a3751b60345b9c1e9144a362c4b85abefdc6 The package cloude-code was found to contain malicious code. Source: ghsa-malware 8da7714f501eed0c20e3432333dc73d1707e7ef16a803df07b6d73fab1945be7 An...
Malicious code in rubocop-vintedmetrics (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8e90dd88f71e05719940997342cf6a367387fc68045f091a864d8f8e7e62be8 The OpenSSF Package Analysis project identified 'rubocop-vintedmetrics' @ 9.9.12 rubygems as malicious. It is considered malicious because: - Th...
Malicious code in printrables (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 062cd723b198a3d0af641a78b343642653fb80f4cbf527be765bb4e520cbd3ed Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in ethrpc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b1eff108aebd0c94cd1b2c9dd2321060f61236e0dbf655c62f729169dcd5d5b3 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...
Malicious code in web3tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50b63ced7e162150a14fbfb557df8683707b72b361caf1243a14468fd910a036 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...
Malicious code in ethrpc-accounts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6372ce82342ae30022a83501fc348d1c63ec3cb27b19dba0678430efdfeeb077 This package is a clone of legitimate eth-accounts. The malicious code is hidden in the dependency, ethrpc-keys, which exfiltrates private keys. --- Category:...
Malicious code in ethrpc-keys (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f086c363123d21b52dc28b5a642db6c1eb84e01dc519995435476b19655d63a9 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...
Malicious code in ably-forks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3c510b1758cfff971e520dd0a78157b1e35918897519edc2fa0364bc46159b The package ably-forks was found to contain malicious code. Source: ghsa-malware b26088266049a671acc67187ede8f130532eb10e90e61293e96211f7ad0c1103 Any...
Malicious code in pylibcugraphops (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 30ada218a0e5e01ed572fbf9a1ef6b6887f57c21c0d568aa7de27ad97719898d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in questpro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be333f6f44c50eba4d7a7c11754e048bdc2ed092ae58cee1e88cb24225d4d151 When using the package, user's Discord tokens are silently exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in telebot-infee (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 660cdc2470d38cf51f0a232119dd9765cba56eb66412f12d3c09b40dd7bd8530 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in ui5-cap-event-app-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 837e841e2b75385a4e7c030237983cfe52f91373ffa3e56859c7055ac0a80f4d The package ui5-cap-event-app-server was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in telebot-infoe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in telebot-infoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a00053312897920b40040788f68a209b63c061000ec349ab3e705675bada499 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in abcxyzz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b953a8183a1a7ba906c9117e8afe658b2606311b606d8b3ecad680076fc51e9 The package abcxyzz was found to contain malicious code. Source: ossf-package-analysis b22a45e3a267d5930d5e8dfdb52954bf049c7b63a9bdb0818e5daff1191e74...
Malicious code in easyreg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2897582bf6c0c29d4fc679ee338263019a8a5d5bcb66b5ae2c59454d6c967d6a The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
Malicious code in pywin-simple-gui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 43b40c0dbbbc187822a28a401194873adc73d13e531f2789c4227374f7ec9e26 The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
Malicious code in telebot-infe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 590d96b39de125e4d96c7b88fdc57ef5257eddbf8277011e51c84e1500302aaf The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in telebot-info (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61aec9d37a402659928293fb6a151f72f9de1194a73a519f7e1595e5ed5b719b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in vds-monarch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fc03a6a0feff43eef44ac91f0e9ce68c422a439528842f139bf1164366c66d The package vds-monarch was found to contain malicious code. Source: ghsa-malware 23d64f4764ccc88b26aa567b6d6828093fe8d35500ac67a19ced44828073dbf4 An...
Malicious code in realestate-ask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc4db310e1c17bbf02575dc3a75ab56d4d38581001d31617c583443f7d88a126 The package realestate-ask was found to contain malicious code. Source: ghsa-malware 75a155e1870bd51f018f66476427d1da99c87cbbcab800c354dad13f76b67c3b...
Malicious code in polyutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in polyclawd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in compass-e2e-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27a245065291bd7252411254769a1764aab8e228c8ca161708734a3d47d3c9ec The package compass-e2e-tests was found to contain malicious code. Source: ghsa-malware...
Malicious code in cicibot-fix-message-naming (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fb20d1d9da8ede0270346034bb6fdca56ef578e35a73b4cb0301664ab4a27ab Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in ambar-src (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de85b3ce658bcfa8f19ed5eeddcdf918f1c269d4fb09eb35804eca9a1ef98a68 The package ambar-src was found to contain malicious code. Source: ghsa-malware 1b3e3fc21cb40fafadf65d25ca331573096b3c7e36c681f4ec213b40931296f8 Any...
Malicious code in mds-webcomponents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b33015300fa18b6b3d2c2f1c0af0e77cbd9fa96c7af7befbe61a5422165824e package.json declares preinstall: node index.js, which runs automatically on every npm install. index.js collects os.homedir, os.hostname,...
Malicious code in webpack-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f7b28a9002453a46c97bba5ad0790e13ba1ba656971e78de46edf6efcd53154 The package webpack-vite was found to contain malicious code. Source: ghsa-malware cd525d679fa448615bd48fe06d94f5cd6d94cb97f6ae72ae6afbb179027cce9c A...
Malicious code in aliyun-python-sdk-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 29bd2455a576643c51939bd166abab847afd04c3142b576e3f9f0c7978763181 Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is...
Malicious code in alibabacloude (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c45df7f85cfaba4bf141f0a17ba2d0987e080131bab1f1233798a1287d63fa7f Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is...
Malicious code in alibabacloud-code-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5e4d81a71d0710ac3618ec41e8027ee6a96ae9845ca67b33b950c8d99d8d2e8a This package impersonates Alibaba Cloud account and contains highly obfuscated code. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in @qualys/react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59 The package @qualys/react-web was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in groq-ppe-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 517d20a09a1e53ce02484aa25ab2483ef75022e96f76d72fe3125bc1e16a359d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in http-request-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 13b29a753802db633ab987963543535999a246049761d4d29699b66edf207f13 During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...
Malicious code in malpkgv2-0 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 1f614e8ee6cce92be8b98394967c253336c0145808962bfda5032f085ece4eef This package executes arbitrary commands, steals sensitive data, exfiltrates credentials, and uses obfuscation techniques...
Malicious code in dns-execution-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in clawdist (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3008887b6c2929530cd48dc996c91d70eb92432465d02f4ff28e6d5927350097 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in ethereums-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bddbe5ea052b93fa04966b01c8302455e06311fd6015aaf9c76c07ba8c8f21c4 The package ethereums-lint was found to contain malicious code. Source: ghsa-malware 7671a5fea1c5f2b0118bd9981213bde2b546a4191a57acd041aed6d8560c0de6...
Malicious code in ethereum-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f139611e5bee8bd888911afc42c4e762ba55dc37cb142d92fe4203209f917600 The package ethereum-lint was found to contain malicious code. Source: ghsa-malware d4db9b610771f0e6a14c8e5de6545323a4041420731492b2265b31ec14fdaa3b...
Malicious code in hops-preset-jest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8165500e6c415192d0b46d0e106f29fb3ae49fce7538b2da40a9e398998c087d The package hops-preset-jest was found to contain malicious code. Source: ghsa-malware d1e4e88ca9b17e3778d9b7f4aa3d9cb2a94cc7ac234505750c84264eb43440...
Malicious code in tronpad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6002c93fa065aaf9656b42830fd923134eb1d298d2c07b0d61865395577771c9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Malicious code in cucumber_json_schema (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f6511110b5695ace5b67288aeb0800934628b5a510045ccf1f62c84011e73951 The OpenSSF Package Analysis project identified 'cucumberjsonschema' @ 90002.0 rubygems as malicious. It is considered malicious because: - The...
Malicious code in marshmellows (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 92a41b4a9b9f5733eae9cfa5ca9c6802d52d803a1835820ee5098f58419fc18e Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
Malicious code in strands-agents-anthropic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b86e2f5ba17218d5e9377627cc2c437009cc3dc7c6615c87b8317995614288c6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in requests-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccf88804317b4caf9661eb94c320a521f7689c5cf26a8754ec219d268fc9c873 During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...
Malicious code in crc32fast (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b89c674974bf58c7388a27bf1c6ea954a890de45a3e9ba4830c1eada3a3ea6a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...