225914 matches found
Malicious code in github.com/BufferZoneCorp/net-helper (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-simple-formatter (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-activesupport-logger (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/grpc-client (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/go-envconfig (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/go-stdlib-ext (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/log-core (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-devise-jwt-helper (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-rails-assets-pipeline (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-rspec-formatter-json (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/go-metrics-sdk (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-date-utils-rb (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/go-stdlog (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in github.com/BufferZoneCorp/config-loader (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in knot-rack-session-store (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
Malicious code in @design-system-coopeuch/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...
Malicious code in amino-fix (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 807db606fec148f1acf0e1ddb4ec2e0a68ba672bb8e5641f9eefd0d425f30a44 The asyncfix subpackage's signature helper in aminofix/asyncfix/lib/util/helpers.py lines 22-25 does not compute the NDC-MSG-SIG locally. Instead,...
Malicious code in microsoft-applicationinsights-common (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
Malicious code in auth-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
Malicious code in iceberg-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
Malicious code in ms-graph-types (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
Malicious code in supabase-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
Malicious code in txwrap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72b4db77d156fffbfdf3253cda39d73180fda419676d356fdbc217130c289549 During importing, the remote code is downloaded. It then exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new...
Malicious code in @gusmano/reext (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 498a21b60dcdfe236ea0b1683e1ec64aa091643b6ad562c3845757eed79660d8 The npm preinstall lifecycle script dist/scripts/preinstall.js, wired via package.json "preinstall": "node./dist/scripts/preinstall.js" reads the...
Malicious code in always-updates (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dee16a964c16035579f7be2f965a801f87876080603f389e1e75ec3073bd5c2c The package's sole advertised CLI aupd, registered as a consolescripts entry point to alwaysupdates.main:main executes...
Malicious code in afk-react-intl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 807b3bc717a7c8f60ecb69d7653fd0942431e9e6adf27cb34e2f68b4bae06cec The OpenSSF Package Analysis project identified 'afk-react-intl' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...
Malicious code in katal-platform-versions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8dc8f21e750df73dfe46bbeba3bcfac8e88308adddf33680ce9751e7a1fec4af The OpenSSF Package Analysis project identified 'katal-platform-versions' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
Malicious code in ai-spellcheckers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 205425d7a8407b8bed958a99660e2ec74e21f9b0e1427659529636347333c5c9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in @a91082900/test_package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...
Malicious code in aoflmkt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7d5581b164c03c1b17ecfa5e7bab0422b7168cb3a8d44108ac108467e37adbc2 The OpenSSF Package Analysis project identified 'aoflmkt' @ 1.0.0 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in aoflcorp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bfc014b9e60bb1abb58d948abcf31112dd4c160ab8416317476f3c67c2e84d49 The OpenSSF Package Analysis project identified 'aoflcorp' @ 0.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in kaggle-runner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...
Malicious code in justenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b391e2932f5ed4a24b376c4c9ac84c98b88764799b6ddccdc68e19964346228 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jwscube (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 325d4311f3dd1d82c8f9ee1ddc19a767eb69adf0a338625c8ce1e9d40062dec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mimecast-web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 31248312aa36cca999d7f40ba478d484be495b350e0858850baf3a9a6bf15630 The OpenSSF Package Analysis project identified 'mimecast-web-components' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in 88q (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...
Malicious code in 66o (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...
Malicious code in 6cc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094 index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...
Malicious code in 0xegg2024 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f32380998652e4d6d7b70da165cff6d669a4c6a6d9297da2a137071abf6317 Tea.yaml token farming campaign...
Malicious code in @catamania/ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 326cc4cf1fbe96c77b6340df59ebea040cdd522e3e4bc76471563190044cf53a The package declares a postinstall lifecycle hook "postinstall": "node postinstall.js" in package.json that runs automatically during npm install...
Malicious code in 01-0redi7qgbz0uv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ceb633970757ab5d5ee0b64512c18d46be8402ac2169769101655a697ee5d6d the analysis found that this package has a garbage randomized name '01-0redi7qgbz0uv', empty description, placeholder test script, and an index.js th...
Malicious code in dlty (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 494f5fbab24a26771e84ce06eea5303b7d1b9135b505a6d93a01c417603f1902 Importing the dlty package triggers an active data-exfiltration channel from the installer to third-party-controlled infrastructure. dlty/init.py...
Malicious code in 8q (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a10addd46910ba157e59c0c301c15ea56de73adb23c4d3422520b67876cdc0e The package's declared main entry router.js is an IIFE that runs the moment an installer's code executes require'8q' or import '8q'. On load it...
Malicious code in crazehub (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/init.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system"pip install phonenumbers" and...
Malicious code in projz-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 196ea7ee7277857a29c8478e6908961bde9f28aa136c3e6ae68412ba4b67bff0 The package routes authentication-related calls through a hardcoded third-party HTTP endpoint and then unpickles the server's raw response, which is ...
Malicious code in 100jsss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207a07d918d9b3ddfdf0f845ec22f6bab19629fa77968d3b41409d0b62bad441 The main entry g.js constructs an image beacon whose src is a base64-decoded attacker URL https://w.g32.com/g?k= concatenated with...
Malicious code in pirxcypackage (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...
Malicious code in mymaldependency (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...
Malicious code in 1mi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68ec5fa97918431510ba9ef57d3d601738891094478b5ebf996a3eafa0cb960 This package masquerades as a Cloudflare Worker Telegraf middleware README: 'cfworker-middware-telegraf' but its main module unconditionally forwards...