Malicious code in @channel_bot/xa0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af511b868a0f1a7152f2b73076b3741da38a5ec9f8b2652af8384ca1890d9372 The package @channelbot/xa0 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in paychex-common-vendor-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77d8076c0caa289734b5a30b904f9a075ae0d55ea3fc74f665806d913efe7d28 The package paychex-common-vendor-lib was found to contain malicious code. Source: ghsa-malware...

Malicious code in cloudauth-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ccc67c8452789facd5ba7b991c89a1410dc3058f1c8112c16812e8d004efdf0f Package attempts to exfiltrate various credential files. In the analyzed version, the exfiltration target was set as localhost suggesting it's not the final...

Malicious code in randomchoicemas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0dc4c38310ad4ec9a939abd09fa48fce4f2f2e91e02389d59f3fefc30eda4c2c The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in @t-in-one/save_application_hid_to_storage (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @bank-widgets/whats-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83244f927bab36b8e6f6493e932fea1ed017f30aaf286c82a81990f509589934 The package @bank-widgets/whats-new was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @apple-pay-trust/check-apple-pay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e70605dbfa408340f5181bb26e47fb08e3ff8925c50aee6cb62132e724ba7a09 The package @apple-pay-trust/check-apple-pay was found to contain malicious code. Source: ghsa-malware...

Malicious code in @b2b_blocker/hide_activation_error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cbbf4ca3aa2fddd7145289bbf2f3ee83ef30e0fb6aa1163f465c4175cd22aec The package @b2bblocker/hideactivationerror was found to contain malicious code. Source: ghsa-malware...

Malicious code in @google-pay-trust/init-google-pay-result (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dba78dc87b515a0cda716fc10162fbc4c31c264a1e2dbf6f1651257cfa87e62 The package @google-pay-trust/init-google-pay-result was found to contain malicious code. Source: ghsa-malware...

Malicious code in @montanatonytest/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae7604e0d0f1f42d621917113451c0b0583f2c74d4bbe59d92db2cf68101c674 The package @montanatonytest/app.web was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/destroy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6515019a886959d905d728f0fdcebeb16aa3e62bcf2e2643c0424ba87aeb8f79 The package @apple-pay-trust/destroy was found to contain malicious code. Source: ghsa-malware...

Malicious code in @google-pay-trust/start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16feef8620dbb1f3b6c7c6c67f9f7883438f368a3bfd2c2c591d7f30467e67c4 The package @google-pay-trust/start was found to contain malicious code. Source: ghsa-malware...

Malicious code in accesso-angular-cache-buster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efe1cff5329801850c1249ccfee1e905acc9e221c3bd424534068908f73b5a07 The package accesso-angular-cache-buster was found to contain malicious code. Source: ghsa-malware...

Malicious code in shopify-draggable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f631da0153ed8da6498d0662d71d654389a24327b946635a3664d0de9d20b03f The package shopify-draggable was found to contain malicious code. Source: ghsa-malware...

Malicious code in @kills_sh/bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e7f5c26dc70e3f5d44e3fc5b4b94fba66089cf8d0d718fc48c4f85aada6f830 The package @killssh/bootstrap was found to contain malicious code. Source: ghsa-malware...

Malicious code in edj-shopify-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0e23978c8bb0369f485f8c3e2384f10d9e649d13a3c198475ace4184c3757a5 The package edj-shopify-theme was found to contain malicious code. Source: ghsa-malware...

Malicious code in honcho-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84982c0724088423f1dfd6be1667977bde24611206ff38083fbd5f1bddb51ee7 The package honcho-theme was found to contain malicious code. Source: ghsa-malware 23c78ef060edd4e17fe6722502a19a3f7cfa402b9253a432003578db145e5c24 A...

Malicious code in muenxo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48537a437deee473614e25a26caa3436391ae5a590cd8fbd2e8d8b5ec61bec60 The package muenxo was found to contain malicious code. Source: ghsa-malware ffae9a8a617618fdf06b6c2a547167397aa849264407477c10f3490d494beb01 Any...

Malicious code in pi-exa-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75549c181fe30d370fa436cfe9a04d0df8fa0270b0d022bd5e69b780fc5c10ea The package pi-exa-mcp was found to contain malicious code. Source: ghsa-malware 8b7369c9538e4cea56d92cc659b74b1243d5fd03b619c23d32a85c21b5c8981a Any...

Malicious code in pos-next-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17462b618deafef53af5cb939d0240f899e18139f020fa631b898d2862bc6a08 The package pos-next-react-native was found to contain malicious code. Source: ghsa-malware...

Malicious code in temhe-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9e5d48f36a9f7f2fd80c126d14811be70cc210a382e9edc85d3bc1c4c62968 The package temhe-dev was found to contain malicious code. Source: ghsa-malware 117ca92e4f6c30bab5d2538e054b527cadbd72387d055860a3baf428e279c116 Any...

Malicious code in tinfoil-shops (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...

Malicious code in vpi-guides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0746aaba735c5411a6b2e62e27b52b39aace59ceebe307f3cd192fbf052b387a The package vpi-guides was found to contain malicious code. Source: ghsa-malware 28248d8cb6eca76057853d4e6ed366107e13c7dce9b6f02d9afd82475152a369 Any...

Malicious code in wagner-horizon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97421ed33bbba9349de85dd7f575a7c761e70226645a82545378e6e412d3515 The package wagner-horizon was found to contain malicious code. Source: ghsa-malware c1c6c42ada769c8af91fc0c7c7212a759d8138cd9f5c4af4d5b736d8f879c154...

Malicious code in @w3m-app/get_chain_id (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26a5497ea6ed8479f242764e1c85fb02158843dd5dec341d2054ea7ef49adb4d The package @w3m-app/getchainid was found to contain malicious code. Source: ghsa-malware...

Malicious code in @w3m-app/is_connected (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...

Malicious code in @w3m-app/switch_network (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7b0fe342478f8fa59c7d24a50e0105c12841f0ef1b7e96443843c2f3eba85a5 The package @w3m-app/switchnetwork was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-react-ui/select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f13a9b44b9cd000d9cc8fbcd4cbc765178ea32a471cd8b339d4ebdda4182d52 The package @bcs-react-ui/select was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-ui/theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e8fd043a0105b7ec2fd37e2db50a7dbab652403949cf1f0950366ddab6eafdf The package @bcs-ui/theme was found to contain malicious code. Source: ghsa-malware 2a3c36dafcc4718b7edd494534658ed583e693c1235d638066d51997eccb1d10...

Malicious code in @bcs-bank/common-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-bank-react-ui/swiper-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc6cabd59042f5fc22327d81efedc2ed1926f8f9457d124906fde72fbf65d46 The package @bcs-bank-react-ui/swiper-slider was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-bank/init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb2a526cbf1ef79ebdf6126f699f18ffbb6f4520d46fc66f709da256b903e8e1 The package @bcs-bank/init was found to contain malicious code. Source: ghsa-malware e8831b7c4a8b59f53226813d7d4203e4b28fdc08b8df0d5c60bd1d9e78874786...

Malicious code in @bcs-mi/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...

Malicious code in @bcs-react-ui/context-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d7735468c4f2cdf66767c4b52a6a089b195ea5bb820b82a03690fb0c9586bc The package @bcs-react-ui/context-menu was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-adapters/core-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03871adba35cfbd98c46538c5e9d0249287bcc583bbf32fe1561eac467b2c5d8 The package @bcs-adapters/core-adapter was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bcs-adapters/keycloak-api-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f764a24270c6884e2f07d786ae252002ce64b35efb380b1dbce85e6af90a8e6 The package @bcs-adapters/keycloak-api-adapter was found to contain malicious code. Source: ghsa-malware...

Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Malicious code in microsoft-agents-auth-service (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Malicious code in feature-flag-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba3fb4537827a604de645ffad07771bc9f7ed4e1f4a70b16b4c35effadcf744 The package feature-flag-service was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in gauth-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also setups PTH file for automated start during Python initialization. In t...

Malicious code in puan31 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...

Malicious code in rostilesolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in google-cloud-secret-manager-config-poc (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Malicious code in internal-company-module-test-1337 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9 The package internal-company-module-test-1337 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in pwn-control (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 719b4c85917a0a8bc84e7591598b0d17098dd32c8f29b5c09eb25fe1d3e079c3 During installation, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The...

Malicious code in metoopro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

Malicious code in ally-call-wait-time (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20246193f2fbde13a2dccd6325c1d46a7fec7e8491b4df3ae6fefa85eff99bbf The package ally-call-wait-time was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @allybank/ally-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33aa2edae61b25d620c43d0a5a6223ff28bd128a7fdb5525d25b5c867d52568 The package @allybank/ally-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in ally-allowlist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a086e259ec0972dac4c5fa5c2e204b09c2158df4e01326321b84676837b85be9 The package ally-allowlist was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @athena-portal/themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ceef23383971e2a8f5f8f790c03e71fe17b0a7fc7dee044e2fd39424ce20856 The package @athena-portal/themes was found to contain malicious code. Source: ossf-package-analysis...