Lucene search

225893 matches found

OSSF Malicious Packages
•added 2026/02/11 10:54 a.m.•10 views

Malicious code in node-dotenv-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76b47bebee6a74c00d3be10fad072e05074a62b29205377f682463290bad39c3 The package node-dotenv-cli was found to contain malicious code. Source: ghsa-malware 5bb66069e2bde985ae448962eaaf6373cd54aa2cd51fb20a0fef26ecb5dee2d...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/11 10:54 a.m.•10 views

Malicious code in sinon-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9ac1d9ff3647908703db921b2e950e479861f18e7b1bad8377baaa7400d32c The package sinon-node was found to contain malicious code. Source: ghsa-malware 5aa93130bd1915120b30dc2472c774ac984ea2c2166d7865d30fdf8343225f50 Any...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/11 10:54 a.m.•10 views

Malicious code in chai-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 463f0440f6a90a98f9a12131b19f99b472b0ee82b6feb5b6066996ca4be4e07a The package chai-await was found to contain malicious code. Source: ghsa-malware c3cd8be2d97babb314b0adf3d3b9b6467057d39f64e41afe5d5f33cad5e3fbe6 Any...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/11 10:40 a.m.•8 views

Malicious code in python-files-mod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

5.5 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/11 10:26 a.m.•3 views

Malicious code in ci-metadata-python-logging (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b2ec44231abe88a238f040c6ed291532c456a0f07e91b5966a76b5262526672d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/11 10:4 a.m.•5 views

Malicious code in tablixs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46731b2531e50115b70ae49abbd4bd1abb55f364a4cc2d8234c749f750883359 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.9 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/02/11 8:58 a.m.•7 views

Malicious code in ntoctfutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f65404ba7442c7d16e3f569b7c84afc4d1df23f9497ac3a6101d5ec3c168956f Importing the module downloads and runs a remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/02/11 6:56 a.m.•9 views

Malicious code in jsonconfig-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 883897a307b53ac17e981eac46b8d6f8c31d88fc2628c6d57c5f7f191ed84b81 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/11 3:35 a.m.•5 views

Malicious code in npm_cimetadata (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d7a7d39465b33d104fa6608118d45f3077d7a603292dd367135788a47e182d The package npmcimetadata was found to contain malicious code. Source: ossf-package-analysis...

5.5 AI score
Exploits: 0
OSSF Malicious Packages
•added 2026/02/10 11:3 p.m.•6 views

Malicious code in cryptowallethash (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592 The package claims to calculate a hash value for usage in "cryptocurrency", but before returning the hash, it exfiltrates the plain value. --- Category:...

5.5 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/02/10 10:45 p.m.•7 views

Malicious code in requests-auth-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 03bb4c04410c4e3c58d7292eb47f8f76a2fbe5265abea29826ac910e890350d0 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 10:28 p.m.•7 views

Malicious code in gpu-discovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea1fffa4a4969c85232301df3c8d107642ac143fbf51600d166cfd2f8d536e10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 8:45 p.m.•9 views

Malicious code in rzr-home (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 14fb9c76cd89c8c46f6d961d450c57fcc5f454cd3ce67a53a1868ba36f66fec1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 7:22 p.m.•6 views

Malicious code in amplify-python-logging (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e12fee1c4154d81de6e4575af21aa6a760da4f5694746264a2de50e2c5782fe Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 7:19 p.m.•7 views

Malicious code in vllm-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fa0706d497278a502d158c89d51645a6f4e8187ca325aacaa59facccf542a03 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 7:14 p.m.•6 views

Malicious code in requests-core-plugin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f7d809caa4cb4961377b3c02a06f90ce19136a36297191248a8c6cd289a809f2 During installation, package loads obfuscated code that then downloads and starts an executable. The final executable is identified as malware and appears to...

5.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/02/10 7:2 p.m.•6 views

Malicious code in lyroxpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9016ac99840c4d68028c7b724382974154c9bf75b410da9c6b4a75ff6d20b1f The package contains an embedded archive with an executable. When importing the module, the embedded archive is run as a module. Code inside extracts the...

5.6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/02/10 5:16 p.m.•9 views

Malicious code in search-newfrontier-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6e41804eeb58691ca7b68763c0db9e48636ffeb9d7020d95bbc9d9e9aec6e76 The package search-newfrontier-podlet was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits: 0
OSSF Malicious Packages
•added 2026/02/10 5:6 p.m.•6 views

Malicious code in notification-saved-search-settings-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2059b78866965dce7f68bf358485c0f98eeb6c9befcf4455115c5d8623013e7f The package notification-saved-search-settings-podlet was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits: 0
OSSF Malicious Packages
•added 2026/02/10 5:6 p.m.•7 views

Malicious code in search-savedsearch-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 878a9c43dd8ff489c2771eb72e59389391267772d0e64b6dea94a657d0ca7b3a The package search-savedsearch-podlet was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits: 0
OSSF Malicious Packages
•added 2026/02/10 5:6 p.m.•7 views

Malicious code in myads-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d196800be4de842ce4eb526181a86b7d78e5e3851954256a68d9cda3dab4a89 The package myads-layout was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits: 0
OSSF Malicious Packages
•added 2026/02/10 5:6 p.m.•8 views

Malicious code in realestate-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6230992468654fdc80201d169ead3ce06356bb7cf36f8367f076d438035959a5 The package realestate-atlas was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits: 0
OSSF Malicious Packages
•added 2026/02/10 4:30 p.m.•7 views

Malicious code in @reimorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b715386d6331820f6ad234559c9b38d82c81bd4e0ff2ba695a8f509a4a0b9d81 The package @reimorg/config was found to contain malicious code. Source: ghsa-malware 01b3357726455a4a24aecc9b4255f7ea96cab434482b28a50e5d48f06e3cf1d...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 4:30 p.m.•9 views

Malicious code in @uniconvex/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9923bfe725516dd977cac2af8acddb303e705ef37278ce10e2b84027511df62 The package @uniconvex/dotenv was found to contain malicious code. Source: ghsa-malware...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 4:15 p.m.•7 views

Malicious code in express-configer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e492b9087ab21198777e586b9d21eade1fe2948bb67f1ab484c7274056861276 The package express-configer was found to contain malicious code. Source: ghsa-malware 8484436a0b43b94054c0fa7ceb955362a6557d9bef3019e2fae2e51e42ff1f...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 4:5 p.m.•5 views

Malicious code in aligners (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d584eeb0828c4c86b7ae383fff091f8bb711aff14a9d8a507bfdd0ada40ecb5 The package aligners was found to contain malicious code. Source: ghsa-malware fa92eba5bbd1fb9325eefaa7c363cd2827b4b4e381776d06090a0cbb001d96af Any...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 3:58 p.m.•7 views

Malicious code in sap-code-style-guides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13203a88392c91986f587e28ca25120b54f0c4d4ee5dd2c330c2bbbe6243203a The package sap-code-style-guides was found to contain malicious code. Source: ghsa-malware...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 3:56 p.m.•10 views

Malicious code in chai-as-approved (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f623e45c7742d5a9190e736f51777bae77297d5abeafd8c21679bd40b729034b The package chai-as-approved was found to contain malicious code. Source: ghsa-malware da0fdbfe00f6e097edd25bc90bfbac03e97c871951995b5d58f06b348d39c8...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 3:48 p.m.•6 views

Malicious code in bigmathix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b200be57a4cdb466d56397968f69dd3845955ced56c5229608dbf03762106ff9 The package bigmathix was found to contain malicious code. Source: ghsa-malware 5fce43c0e03186c2441c8a54be7cb130625459fe9179665e242f223f0c7d2944 Any...

5.6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/02/10 3:46 p.m.•4 views

Malicious code in graphflowx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4266b530d4c7c33d31f0b615033dac2a3a57218c537f1d13449342f0fbbc29b The package graphflowx was found to contain malicious code. Source: ghsa-malware d297a9f3d4e974972015d3869473fee386c696410e1746be7088d2ad5d0bf69e Any...

5.6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/02/10 1:49 p.m.•7 views

Malicious code in narrow-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 8:38 a.m.•6 views

Malicious code in testppe-pkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 49f139a3af58a80c706b3bc4b6c38676411528f34be00c79351705767f39eaa4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 7:48 a.m.•8 views

Malicious code in dev-pipline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20dee9221f632983ab927b06c661fda3edf9bea9f5369620acdea3631511876a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 7:42 a.m.•7 views

Malicious code in devtools-webhook-cicd-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 807557cb6ac51aece00eeb28f55b89815176c95172780dcdded46b667f843771 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/10 7:25 a.m.•7 views

Malicious code in ntoutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15b6e8b1974bbd5ee6ee5e5abe0619080d87644b200fd8fc410f70a2f23213ff Importing the module downloads and runs a remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.6 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
•added 2026/02/09 5:27 p.m.•7 views

Malicious code in jwtdotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc6df342437c7ecab65fac0d10d4f37deb16e983a008ae6d87ee4dd368b4c6 The package jwtdotenv was found to contain malicious code. Source: ghsa-malware 30cfddaf043abb6549e21d69c8b779ffe56c9db1013cd885c6ee955a14ec4aeb Any...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 5:25 p.m.•8 views

Malicious code in json-mapping-sources (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77824e69a815d8ac27a50bb52fa0a39fe2c7e512e6597d3aefd500b0eae847e8 The package json-mapping-sources was found to contain malicious code. Source: ghsa-malware...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 5:25 p.m.•7 views

Malicious code in json-web-sources (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b1334dba3ed3954154395d5993332e1deb8b238be09d0adcd260e3b35d98acc The package json-web-sources was found to contain malicious code. Source: ghsa-malware 7b5b7f3896b01dd45503daa7565b91666029b06751c908d7e41fa1ccd23ca3...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 5:16 p.m.•11 views

Malicious code in react-svg-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 4:25 p.m.•6 views

Malicious code in thecorrectjames (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53ae167216303d3e0d2eda2b5321b60fc5bf9431e16ae0caa507123ba45661a1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 3:35 p.m.•8 views

Malicious code in ctf-pipline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 083eedb7c9187410d3470ab27415ee2e6a7683ef92bafce123198ce9882e07a4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 3:12 p.m.•8 views

Malicious code in @skyeng/libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4b92505d9c0107026c2298d6ec8da504657990b61e40754b62b2cb8e1bd5a0b The package @skyeng/libs was found to contain malicious code. Source: ghsa-malware b4801b107979e502d4889dc729885a390ebfc2db995cd1b2fd23d27e09613a1b A...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 9:29 a.m.•6 views

Malicious code in http-notifier-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 876fd5ae23d7c051fa55647bc5b152a7905505782e78ca9536b161318d2e000f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/09 9:12 a.m.•6 views

Malicious code in skydeo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e44bfc09c7d974ae07443b4c6af6fd3e4566e7761755cc89ba810713d2b6482 Importing the module exfiltrates all environment variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.4 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/08 10:19 p.m.•7 views

Malicious code in teligram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/08 9:21 p.m.•7 views

Malicious code in hardixx-code (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...

5.5 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/08 10:34 a.m.•5 views

Malicious code in grokwrapper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a7ae896464be7f195243e35231a2435d0a1eb055cc7fa8cfaef707c7e11c55b2 During importing the module, package silently execute code hidden in an embedded config file, and downloads remote executable. It's then added to Run registry...

5.7 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
•added 2026/02/08 7:47 a.m.•9 views

Malicious code in ccxt-bullish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0729d9c3ad3f349ec626a97b7a265b1fd84f556bb1758af54adbc87bd29969f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/08 7:41 a.m.•7 views

Malicious code in thread-pipeline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2d7de9849aa6d6194b8d6fdf574c6c56c3de7cb75ad338f2428fc7f1374e4280 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
•added 2026/02/06 3:23 p.m.•8 views

Malicious code in carcent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6672d1df7a6035da8ee0a2c7a4ed9e7e5bace551e5948fd2e7d7d31a18410a1c Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.3 AI score
Exploits: 0, References: 1
Total number of security vulnerabilities: 225893