Malicious code in browserstack-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a2272bbaadf2917d37e4659f060875d56de205e1b5f21ad56605c07eadfa33e The package browserstack-utils was found to contain malicious code...

Malicious code in apl-github-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc746d95b286b0c3dde3aa7d5d3287da638b8a02ceed430f372112f1f563686a The package apl-github-test was found to contain malicious code...

Malicious code in apl-announcements (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f5e32781749c59464ed1f8d649c60102886b11838297e856aeaa3be42ed15f1 The package apl-announcements was found to contain malicious code...

Malicious code in agent-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aef6858e2b8d9f7b68d47f8549836f84751b481c19980557a6c83c1954a0313f The package agent-starter was found to contain malicious code...

Malicious code in agent-scheduler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef725b4f3725bfa9deeef4b7152653c4156fb0feb92d045501c86968bc17525 The package agent-scheduler was found to contain malicious code...

Malicious code in agent-framework-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc8c54e8fb3b687786f6141ea8ea92fa6eeb60de018eb8543a325bac6eed1f67 The package agent-framework-web was found to contain malicious code...

Malicious code in agdebugger-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be34269bebfc9203228b56604d750ac51bdf4f84cbf58141d3317fc45c8854ad The package agdebugger-frontend was found to contain malicious code...

Malicious code in actions-label-commenter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0834799a232c7e018eda35f3042f85750f8155d2ec47e2f935389be689671cf The package actions-label-commenter was found to contain malicious code...

Malicious code in action-setup-enos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8c231ffd75db68f6571ecaba491b827f5c86e682716dadadf47c74a979f80a The package action-setup-enos was found to contain malicious code...

Malicious code in access-worker-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ffaa308018be94514f70476e1756144af41a3f03028aa640c8ab24c7edfcc0 The package access-worker-test was found to contain malicious code...

Malicious code in aca-review-apps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4019ca27647236621668ae5e45dd104c23d60ad5b64fd5179ad09efda40cc345 The package aca-review-apps was found to contain malicious code...

Malicious code in @youcanneverguessthisonereally/test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aee30c3c314a7edd599cfa020d43c4fdc7dec927af6e0af8a7772a3b25d8b63c The package @youcanneverguessthisonereally/test-pkg was found to contain malicious code...

Malicious code in @the-coca-cola-company/receipt-scanner-admin-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 046b5475599d30f293f2eeb7ab9fce35c44cd678ab2cecde2c96e588a170d822 The package @the-coca-cola-company/receipt-scanner-admin-lib was found to contain malicious code...

Malicious code in @tax-taxdev/tools-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...

Malicious code in @mesh-atoms/typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec6ac39821bf7c99a476b848fcfccf47089487d33dc8eeb893b9f87e6dc7f847 The package @mesh-atoms/typography was found to contain malicious code...

Malicious code in @gameforge/http-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c80f200c1cbaa194dfc83e5a8c911c182ff110b7451512013646d9414429b4 The package @gameforge/http-server was found to contain malicious code...

Malicious code in @fuego-tools/analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b13e975286ea5f50f12e176e5b9399e209b890fc03e8d5f890f02d83a52489 The package @fuego-tools/analytics was found to contain malicious code...

Malicious code in @evoja-web/redaction (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b4a72b65f3b4cc6345a711aad3f9282d9ec77958341be6861f2b355ff3f976 The package @evoja-web/redaction was found to contain malicious code...

Malicious code in @evoja-web/react-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a150d97bdfc04cfc9e3ce56a7d6238d57f578628802fa568ea6404b5463070 The package @evoja-web/react-login was found to contain malicious code...

Malicious code in @evoja-web/create-react-project (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edb63f2bfa081652aba97d2848d34ffdb1f97f0b744457c6811337282b4359a2 The package @evoja-web/create-react-project was found to contain malicious code...

Malicious code in @appleseed-apple/ac-sass-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...

Malicious code in @3stripes/toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4529c8ef3e0953799338bc7e0cc7d6ce4f1d8797b3e0984d362ebd26df6bec1c The package @3stripes/toolkit was found to contain malicious code...

Malicious code in @3stripes/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ca39203b484afe25fca27596d3c3c81a0a6765ad88d3b129871375127bdb5ea The package @3stripes/shared was found to contain malicious code...

Malicious code in @3stripes/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78177fb122038c79210d2b2a9b477a78c4d918bfc9819382745e541503a7e8ea The package @3stripes/sdk was found to contain malicious code...

Malicious code in @3stripes/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72a3f12c815ec03d587d20386eb4726c301d381fa23d720c25dc903bdcb4 The package @3stripes/config was found to contain malicious code...

Malicious code in @3stripes/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3a9f22040b78bb5d4973940dff6f5acad0f3a338e26c8f025ca96245acacc9 The package @3stripes/core was found to contain malicious code...

Malicious code in @3stripes/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31ba4725ff03b9b0a4645734fca9af46fbd145e147f7fb7ee0942853c425f53f The package @3stripes/components was found to contain malicious code...

Malicious code in robase-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32170773fbd5fab5b2494de72ce601e7b43d9b5c21f36b9bc26a6ada40024de6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in nj-logger (npm)

nj-logger is a malicious npm package that when imported in file dist/logger/telemetry.js downloads a trojan for Windows only, W64.AIDetectMalware / Trojan.Malware.300983.susgen from http://178.128.88.40:8080/download/svc to path nodemodules/.cache/nj-logger/nj-transport-win32-x64.node and execute...

Malicious code in pretty-logger-js (npm)

pretty-logger-js is a malicious npm package that when imported downloads and executes a C2 dropper from https://www.jsonkeeper.com/b/OTOAQ. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29e46da449e6d21efcef5e9975a2f8e90c31369882800ed4c560ae47ade99b53 The packa...

Malicious code in vite-plugin-compress-plus (npm)

vite-plugin-compress-plus is a malicious npm package that when imported downloads and executes a C2 dropper from https://www.jsonkeeper.com/b/OTOAQ. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65e37bfe23d9bb451691cffd0333e0900835c8982785dde1908973adf2beaa7a...

Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...

Malicious code in tailwind-typography-cssstyle (npm)

tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in tailwindthml-flips (npm)

tailwindthml-flips is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in trgrip (npm)

trgrip is a malicious npm package that when imported downloads a C2 dropper from https://44.206.172.239:7443/direct/download/97900a0e-c691-483a-a988-97b76f205c0f and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in simple-auth-basic (npm)

simple-auth-basic is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8802844b712eedf88f3862f4e836efd3a767ee4944f6ec3b8c3fbe849fd741b The...

Malicious code in swplayer-react-sl (npm)

swplayer-react-sl is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb25be00997a0e21d0d5337b89729fe6c3a99c9364f8a46d4b2e2a828e845f54 The...

Malicious code in chai-as-chain-v2 (npm)

chai-as-chain-v2 is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-stream (npm)

chai-as-stream is a malicious npm package that when imported send all env variables to https://locate-my-ip.vercel.app/api/ip-check-encrypted/3aeb34a333, receives a C2 dropper and executes it evolution of malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=-...

Malicious code in chai-as-elevated (npm)

chai-as-elevated is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/545d3d0c167b8dde920f and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-adapter (npm)

chai-as-adapter is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in lockedin-chai-chain (npm)

lockedin-chai-chain is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-type (npm)

chai-as-type is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c26313f0733957a7d787 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-encrypted (npm)

chai-as-encrypted is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/29ebd497b6f232e6b0a9 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-evm (npm)

chai-as-evm is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-as-nobj (npm)

chai-as-nobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/5b357f718ab4ee355003 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-beta (npm)

chai-beta is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/XRGF3 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in chai-use-chains (npm)

chai-use-chains is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in dotenv-pack (npm)

dotenv-pack is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/5b357f718ab4ee355003 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

Malicious code in env_express (npm)

envexpress is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/ZK45J and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...