Malicious code in fivem-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46a604a0acf84f672e7a3235e103f365f9d9f704c96faa12dcb5b9b0a9806004 The package fivem-monitor was found to contain malicious code. Source: ghsa-malware bea91e9a2c853e88f029684fb53cecc15f1960b1ccafb583b1da52a754f9ee4d...

Malicious code in kcvlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a441a8e0abdd54964ca9e0a5e3a1d0e0c0435f05d80ab9e9210e10194a16f3d During import, the package downloads and executes obfuscated code. It appears to be an infostealer framework --- Category: MALICIOUS - The campaign has clearly...

Malicious code in genmedia-izumi-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6afd24d0d974a2b6b82c9aa120945d1c531a3ea17e81bbdf526890f2f0e18905 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in supertag (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8af13a06fb931a42d83e13b19fd998ff62e59ef3d56302bfe9d257e07e2bad46 The OpenSSF Package Analysis project identified 'supertag' @ 99.1.1 crates.io as malicious. It is considered malicious because: - The package...

Malicious code in wm-plugin-teach-me-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8892d058e7f10e304a86eea230ef7fa8fbf9a76da1d09b60f5498305690d4bc The package wm-plugin-teach-me-widget was found to contain malicious code. Source: ghsa-malware...

Malicious code in coloreasyprint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d52af876a91a6ff5ff8144b705201fd465db94ad89f0e1b37bd22fe6ca0f5622 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...

Malicious code in lsh (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8cd6cecd3051e3998c5f96ec8dbe1bcfffc1ed7133d394a1779c8c1b0252c8c0 The OpenSSF Package Analysis project identified 'lsh' @ 99.0.1 crates.io as malicious. It is considered malicious because: - The package...

Malicious code in mypypipkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677 When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the...

Malicious code in apple-app-store-server-library-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...

Malicious code in robase-ui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ca93a110c410fd6294e5270289bebb1872f9b81152d837f4990756881646cc0 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in @w3m-frame/session_update (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a327a8e78038064af56af7f6b1aa21b98a0cee0ed571f5fa53d6187a2b8f9cd1 The package @w3m-frame/sessionupdate was found to contain malicious code. Source: ghsa-malware...

Malicious code in amzn_codewhisperer_streaming_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7fc27be867bc1ae651b345d2f825d0ac8d796615c022747306e87bd3ff0d1fc8 The OpenSSF Package Analysis project identified 'amzn-codewhisperer-streaming-client' @ 99.0.1 crates.io as malicious. It is considered maliciou...

Malicious code in @pyme-web/web-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e52ac4b8d97b81cff5824f4ddc38897183df4e20ecd3f1e7df62e8f6645f236a The package @pyme-web/web-api was found to contain malicious code. Source: ghsa-malware...

Malicious code in @pyme-web/ui-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73f6d1f150b07a8023fdef84fc4cc091a7cecbed37ff3364bfb328747951526 The package @pyme-web/ui-widget was found to contain malicious code. Source: ghsa-malware...

Malicious code in @pyme-web/ui-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6780882125fbf59796027cea605339595d23058e19a6a2a257637f225adb51e8 The package @pyme-web/ui-base was found to contain malicious code. Source: ghsa-malware...

Malicious code in amzn_consolas_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b994a8876bfb6c3da65e5f20b8cd611ebbb87995fa052e2f6283b5c09bfb0a91 The OpenSSF Package Analysis project identified 'amzn-consolas-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: - Th...

Malicious code in semantic_search_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...

Malicious code in fetch-data-api-syncapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

Malicious code in @taxmoninor/taxmon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42f9358f8af80b7021c6d4bb86f10796de5ad8ef2ec941d0057954b9e6a18355 The package @taxmoninor/taxmon was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/authorize-payment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6403670e0f9573b88d997609a27ef3630ca5d0442446368011a1980a1b56298 The package @apple-pay-trust/authorize-payment was found to contain malicious code. Source: ghsa-malware...

Malicious code in @activation_code/success (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00bacff8cfa3ae8a22cfb51c4be0ad025ce42bc29929c07a7eaad6be36c702c The package @activationcode/success was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/cancelled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0c6d2bdfddde00dc6bb5663ffb7fd381c2e392a8c65d6a8890b400c219c160d The package @apple-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apiary-annex/meta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beaea0c4666896c82c0b26b3e24708dbf4e2f28425735b67b5e723802337d51e The package @apiary-annex/meta was found to contain malicious code. Source: ghsa-malware...

Malicious code in @business_promocode/cancel_promocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 002798d60b98859a68bc9daf0ebaf7794b8d83973b69fb4c8bfe9979f685e51d The package @businesspromocode/cancelpromocode was found to contain malicious code. Source: ghsa-malware...

Malicious code in @activation_code/activate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 051c685a7704a23fd8a744185c9b8551c7acda63ebf95feabd3ca4b9e1f8ede6 The package @activationcode/activate was found to contain malicious code. Source: ghsa-malware...

Malicious code in @business_promocode/apply_promocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5adac459fd1c8fca06e818942c9a98e6f798828163fadd996266ae7660132ae7 The package @businesspromocode/applypromocode was found to contain malicious code. Source: ghsa-malware...

Malicious code in @b2b_blocker/show_activation_error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79dc8a9f5dac0334c50b1129f725d9f0c98e7c1085624d74c6172ade69db8417 The package @b2bblocker/showactivationerror was found to contain malicious code. Source: ghsa-malware...

Malicious code in @activation_code/error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fec73b17468bf333bb1bf6a071209103b774e371dfbf9961ad522dbd006fff7d The package @activationcode/error was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/finish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9abd2d210c4a5df0e95f326e80b2e6618647c03ba4158e1d6ffbd36d9f7b800a The package @apple-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apple-pay-trust/check-apple-pay-result (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e1519a2b638e44ce9001f6e843a09909254897aa84597b6476e1004efbf0a16 The package @apple-pay-trust/check-apple-pay-result was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apiary-annex/title (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...

Malicious code in apple-internal-dev-check (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

Malicious code in bytedaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedecs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedvke (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d7b293713f6e943f2ac8e40677077233de06bb3e600b6e15611a822013dde1b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedark (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b1b29d53129e34fa2f09eacd9218f1bf87711e4a88587ee9c5f4453cfb6974ac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6453b603ad8bfd1ff4463c1bd86e1930757b08239ec949b01fbc95ca0c5486a6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedmlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 747ac5ba3db3b0d1cc24dcec3ffa5c068394edf57bf11d5f28b03526a4eda95d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedvefaas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a19e705383e238bb8f9fcddce486d3b46640201c5296961abd59054c030f2049 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedfaas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e2decd402442fba2d4ebd7637b596a33ef132120ffe4f3a8b5d2d6ce8475e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedclaw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 222fec842fbce5c57d9ab98166abc5a0b555076048a153f00dd34b7a1ceec072 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in byteclaw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3fe21c4a32b814a0b46b75a26033bae1f40e1caa237e394842aff14639b7aaec Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedvod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b90eec61e5e2a472f910011acc1e66e407b4a240e907ac74289221e1a5e83f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedpymysql (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95b665975b64f2f75bd01fbff31dbebfbc78c7352ccc67f3ddb64fc955e81d63 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedbackground (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab2e307770a6b144edad3254d316375ed3cdad0a56f21438b28bcc0f1a17fcb9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedtccc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ffa89455e2b287319982cda83447a21535ba442b7532714ca2867a935712bcb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedmem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 410777f44f683eff2ab28c9dc499058d36f39204f834dd2040ed9b5bbf628174 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bytedpgsql (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 645f636a2360d86d320bbf691de6457d8df8a7e066fa3fce10b8a85f8576a7a2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in shopify-app-extension-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf25a3a07b9adf8865f783819176d646b7c5485aeb1539422555bf596abfeaa7 The package shopify-app-extension-template was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in frank-research-poc-apple (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 216e5eb321826d85c29f23b333d509a469f138b5317a41b818da919bc9bf9c47 The package frank-research-poc-apple was found to contain malicious code. Source: ossf-package-analysis...