Malicious code in fastavro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8e01c7f0d2603f1d6cf541b7aa69c4bf9253ad1cd6b970a3337db957668a420 The package fastavro was found to contain malicious code. Source: ghsa-malware dfa83913e0a60ce0006e336f2f9f837aac0fa16d414d3c4c149562e19aed7474 Any...

Malicious code in sfdc-abstract-legend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a29f7f51ba229ced87dfa4e1c978407d9e716ba77115ad38601c49896e0584bb The package sfdc-abstract-legend was found to contain malicious code. Source: ghsa-malware...

Malicious code in rum-events-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6a17ba09614cd69d096859385577957b2737a3dce290dda9712c51fd7179c5 The package rum-events-format was found to contain malicious code. Source: ghsa-malware...

Malicious code in portal-lim (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eff3dc977380263ed801e45db7d242fb194b66d319545d913fd30087e7c4b274 The package portal-lim was found to contain malicious code. Source: ghsa-malware 9368b862e0bcedf32684551fa238a7364f7214a84bae4597cff992d6ca8b2993 Any...

Malicious code in database-mongoose-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df08b31cea7b04dc684cec25582ae2e1877edf126ed8b1963f77c87b4d93de08 The package database-mongoose-kit was found to contain malicious code. Source: ghsa-malware...

Malicious code in @onlytoodles/crypto-jsa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 731c33f548ff79b458afc89fa8f3158762537acf2db8d026864792bb3222be7c The package @onlytoodles/crypto-jsa was found to contain malicious code. Source: ghsa-malware...

Malicious code in wartsila-text-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7aa25dcd1a96ff24f8f3638d5f052e05a258f9847ef25a146cd479697b26a963 The package wartsila-text-csv was found to contain malicious code. Source: ghsa-malware...

Malicious code in serval-integrations-common-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 034a79cdc705d00ab7fb639f1d90c46135f42d8f6cf57eef63bf822adbffac48 The package serval-integrations-common-frontend was found to contain malicious code. Source: ghsa-malware...

Malicious code in node-calculator-0d96 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a218c7694e38a516577be3b65e74e782080f98629b0cc39516beab80562f57b The package node-calculator-0d96 was found to contain malicious code. Source: ghsa-malware...

Malicious code in malicius-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ede57271088779798df2bc6c486e25090d044d8dd9a821c55133d3af2aa46e9e The package malicius-pdf was found to contain malicious code. Source: ghsa-malware df5f61561f8b0dfa30e2b5bf91f7257c1f8672ff2f66928f43c3402b3250e263 A...

Malicious code in EffetMer.darkgpt (VSCode)

The package downloads and executes a hidden executable from a malicious URL...

Malicious code in libxmlrussia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09a896cf7e2a9565c72e2dbea89306401102334fe016a8819be5ab476cff9d8e The package libxmlrussia was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in helloharry123c (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7d96199434e00bd319016041b6a9d896c57ad5bc13773a87ef01d2096d0d9e36 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in libxmlussr2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cef3040d3e54888147d11d2b7de509cbf77a77b93a7d5a6082cb7575d20a6d43 The package libxmlussr2 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in libxmlussr1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a26137f4b62749b9f491cb82c0c0f9d95f0fa03f7dcd2e8067b39b5de0e005 The package libxmlussr1 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ctosec-appsec-wb-xray-adapter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33176e85f6e5dce44273ddbf5be45cf64ddd36db281b50a5868851a32fb19d0c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in ajenti-plugin-testing-pyld (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8f75e248c6b93183d9fb3295781e0ffda38ca1afa25cefb866205312f2a78cfd Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in libxmljsololo2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddf08b4bf0c122f751f82c3c5b909759570d84e47e5059bde5729221ae910a15 The package libxmljsololo2 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in bignum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...

Malicious code in libxmljs2woter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb0d4800be662e443c5452e2dbf7088498563ea91fe9056e186e8e6f5d397c89 The package libxmljs2woter was found to contain malicious code. Source: ghsa-malware 5b498dbda523b62755dd841fc0e66d62bddb3feef9c4ca0d5078b7dec40fdd1c...

Malicious code in libxmljs2qwerty (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98e288816b28da06174dcb7d9315fb857fc7daf80f81a57de2fbe1b0a3419895 The package libxmljs2qwerty was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in libxmlfinal2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cac89e3df77030c41a5f9d5ac7a10bf66dad824ef1d013c47d913be27080f190 The package libxmlfinal2 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in libxmljs2varaboba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5238325d9c28808a2213c9d93413847ccb8a9989720c91a2e6f8b161947fda0 The package libxmljs2varaboba was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in baidu-oscp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1707ecb3311268a4753a44190db82280e80d16015e5474475863a3e1487aa5c0 The package baidu-oscp was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in do-not-install-this-package-001 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27c17335ba5378258efc5d22274e8104e45a493eec51d60d0adbeb9c4f627714 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in telcoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

Malicious code in graphsync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dbb10327d6553750848c2b849abba1ed717438928a6cfdc148b73de73db8e9db This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...

Malicious code in jsonify-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4b6594184587f6475f55e2b97c6f1af77e43da5026cc23d96dec6cfc70c1537 The package jsonify-errors was found to contain malicious code. Source: ghsa-malware 756f389321cc3f827ceaff0d493d6792c81f6b2917bb67890f07c81dc6f64b1d...

Malicious code in chai-uuids (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42324f1af790a75f6b7a0e081a7d97f1e299d3d3c8c815e37c594d0835ced4a6 The package chai-uuids was found to contain malicious code. Source: ghsa-malware 35cdb6e3e91aabd46ed85adb22b6972f688ae93b61f82f3cb8e2adb8f4294c48 Any...

Malicious code in raft-dask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 030a53a896f5df53ae7114349ea26d0d00d132929f557c6b16ce9e2cdb217a0d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in configurator-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1415a36eca30ec625b99386cebfc5f9538d73854984673a1f6827c6f7db1ddac The package configurator-framework was found to contain malicious code. Source: ghsa-malware...

Malicious code in sketchfab-spinner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in helloharry123p (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e199ebf30ba4e39d4e6bd9fc4d31ffa9f0a7687e21f67e2e6e8c01e3f24717a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in shop-api-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0306448f7e93f12777f1ee6bfa83d502c06b0a61ae631c612fabd3f8a5d6021 The package shop-api-sdk was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in gs-uitk-lodash (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2de2e606bc9fde8de540caf63cbded837e1bbbd7bc6bd2d477e38dcf89a76f0b The package gs-uitk-lodash was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in graphnode (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 981903800087e4528bba3ec6bb841e810feaedfa490e7f078fcac9c9d663e4ce This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...

Malicious code in @notrainers/nobtrainer-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f897e383035341f83bc0c7357ec775c42dcf5f88689994882325daf4c5c6730 The package @notrainers/nobtrainer-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in tensor-fi-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097848a520bc6a7316c011e97b306f4743b5498acdeccea54d5d4a0ab44bdebd The package tensor-fi-utils-core was found to contain malicious code. Source: ghsa-malware...

Malicious code in solana-dexco-basic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c85fd31c83f8c435f8ac1833cf404a39af10af647c6305eab6e8ff993eadf9a The package solana-dexco-basic was found to contain malicious code. Source: ghsa-malware...

Malicious code in paysera-checkout-modal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bb6d9d88b5364464913578a099da2b1259bed01c770b78797f9c7f97dd9ba67 The package paysera-checkout-modal was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in tna_xmlparser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e70bf55e611d269d207f5ff39c92876d210b2470cd6b84c251eb34e5f3a5448f The package tnaxmlparser was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in hexdeci (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 16ae0ccb5a073a33b198ac6fd10854edfebb3c20c2d67d0363484602813d445e Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Malicious code in react-hook-form-5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1aa38d2e5718b378c2958a34a971314652bafc4462818307ae8e36df83f6cc7 The package react-hook-form-5 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in python-tg-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2 During importing, a dependency with infostealer is loaded and package attempts to exfiltrate credentials. --- Category: MALICIOUS - The campaign has clearly...

Malicious code in blank-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb This is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages --- Category: MALICIOUS - The campaign has clearly maliciou...

Malicious code in datadog-checks-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c81f3e37fe2d626410665826364d682e76edf32642b1cf36d4b12b987a9b102 The package datadog-checks-base was found to contain malicious code. Source: ghsa-malware...

Malicious code in evil-rce2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 63a6a4d1f5ad55b3b2b836b95a7153f322bb4ea2f718f665a51a4a94f32576d5 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

Malicious code in telco (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55c8199592663c3f388cba22988800084bbc3a5696279eb22c53e837c1d8ac40 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

Malicious code in fdir5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e6863b32353d63e9eecdc0ff2ce31db470ed49deb7ccdee067795e37e92bb72 The package fdir5 was found to contain malicious code. Source: ossf-package-analysis 5fbb878466820a17ee68843707334225006abad5203a6e4fbc61130d466028bc...

Malicious code in ssf-desktop-api-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5940c26ac6aa2f9c3682f4d383922757d2d5c361b5a70140ca289eabe304be8d The package ssf-desktop-api-browser was found to contain malicious code. Source: ossf-package-analysis...