225920 matches found
Malicious code in env_express (npm)
envexpress is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/ZK45J and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in trackora-chain (npm)
trackora-chain is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/BADC6 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in chai-as-inserted (npm)
chai-as-inserted is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/ef2875f70e59e319189d and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in chai-str (npm)
chai-str is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/XRGF3 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in chai-as-mobj (npm)
chai-as-mobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/31bccfbf4ee2732207a4 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in ccxt-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3e38f4b70af5228dbb3bc058a3a413daa01d50884e42e8e70b68454163118ba During installation, code exfiltrates environment variables and sensitive keys from .env files --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in kyleip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6a05611ec8862117c6403a4a06759ca56bf2922c2b142a4661b77fd214ef26be Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
Malicious code in forge-jsx (npm)
forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...
Malicious code in bfx-hf-strategy-perf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac057221646f5043eab6606ba990a3a112afc149c583347e40321643deab7ba The package bfx-hf-strategy-perf was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cpu-optimizers2-33 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eb2ab5bcc8a1a35fbd4e5d9b19ac517134ea3fd497e66d7d7126089743804a1c Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in cpu-optimizers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f82b75da107c50f4d2f3cf5587e7db58a0dc91b77f8511226ff9219623dc145a Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in fusion-events (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c8e696e51251f71e47adebced7b96e693530edba7546edfc180e21202e2048 The package fusion-events was found to contain malicious code. Source: ghsa-malware 88d534717a957da6a2dd2be4f5db4aa652489fa5ac3b30382f4a8e5e06865be2...
Malicious code in base-counter-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d62a2050cc5eeb2ef06d0fc82867045f7b3d45cb4285dee67a182482ec29fb7 The package base-counter-web was found to contain malicious code. Source: ghsa-malware a14be5d8c05cd4abe5d7c7cc81e7da406ff18dfed1f6b64d1eb731c9344b4e...
Malicious code in vs-supplier-portal-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4ce50d0cee946b14aa2dee0c469a73331ff0c63bc65b134b3b50edb5d43c54 The package vs-supplier-portal-web was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pnc-ref/harmony-support-v18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pnc-ref/harmony-core-v18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9af3593ce67756288a2b5c3d0b337f86b5dc510085895bc2d8f76629a79a350 The package @pnc-ref/harmony-core-v18 was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pnc-cib/cib-core-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8766c693609e1190061234006c3ba48a9e4f421805daabf59baa712e6d634eee The package @pnc-cib/cib-core-lib was found to contain malicious code. Source: ghsa-malware...
Malicious code in com.baogong.app_push_permission (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93345e918d93e3cd492384a72e95c8e9ce9cafec610ce022b3b19493edb68780 The package com.baogong.apppushpermission was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-dom-19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e6b5a54efd0bd62412ae002a01495b83a035014f59692e4e942aeaf9fd70d0d The package react-dom-19 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in neverinstallme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b5a369ecd7616b1dcdbeeca091c3b5bb9df2096c863fe89e9b45154708d5453a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in tensorzero-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b66b5b70cb431f4427417df356e75438bfa64c106e3c1762f27c257246e445 The package tensorzero-node was found to contain malicious code. Source: ghsa-malware d152b28b710406f0a3eede30abb61ae9698eca9fc72a46a2b6b59eaf23876dc...
Malicious code in @athena-ui-components/axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec575fc86c9df0e6b2ab1a970a32ecf46d6c83971e173f481ecf7e87184260a9 The package @athena-ui-components/axios was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @athena-ui-components/dashboard-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dde903dbeed027bf706e148f4e85f93dd117d93441dddea76703a801a81a5b2d The package @athena-ui-components/dashboard-widget was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @athena-ui-components/deeplink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74fbec503fca2e61a016a70e66269c234d5329e19a1072a7f777c59fc4d466c The package @athena-ui-components/deeplink was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @jesusvizcaino2021/com.baogong.app-push-permission (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 457170b51d87c7f84644a72a71a9979508a99061e7e8fdee3aa8c2e170493b12 The package @jesusvizcaino2021/com.baogong.app-push-permission was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in js-logger-pack (npm)
js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...
Malicious code in @veygo/component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e933eb47618798a0095c7459f32af061415b1c38283dae151ae916e4cb5e4bce The package @veygo/component-library was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in moscova-plural-json-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a51fa685cb52dec458580533d514310ee1449c22a04bf82f6f1fc1e9e7b9db5 The package moscova-plural-json-parser was found to contain malicious code. Source: ghsa-malware...
Malicious code in chief-proxy-out (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b408fee03920bbac11e3f3e2a31fa1948a9d1b99041e54c1e10ba0f5e8cf949 The package chief-proxy-out was found to contain malicious code. Source: ghsa-malware cc92974c8b9f8dc914e29b747314307d52026764bd99c484f10fad298df29f6...
Malicious code in pdf-linker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...
Malicious code in snitz-chief-cloud-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24a91d88d68aae1e6311a7d533b3efc0618206a56025c6a96c1f1024b3ccf9df The package snitz-chief-cloud-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in snitz-chief-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc306ec8452bc2fd831e57407e5c99169c8e2813debf726f99604d8c6e459a4 The package snitz-chief-cloud was found to contain malicious code. Source: ghsa-malware...
Malicious code in chief-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4685fab18e6de4de4fba0c842db2c4ee4114ca7259b8339900078fec02724a39 The package chief-documentation was found to contain malicious code. Source: ghsa-malware...
Malicious code in mongoose-stamps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 073338095bf5f8b7f7ec04e0994d8df1084c899bc6e737b3e7d4aebe26ddc01a The package mongoose-stamps was found to contain malicious code. Source: ghsa-malware b18e13ac80d023110bb0dc5cad4ad32a8f1e4d563156bb626e671b88578ca26...
Malicious code in ahmed_salem_ph (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45bfa2da9e04507b1c6e4fbde5f9ce1d57ce0f499596b2fafc61afb4d544fc4a The package ahmedsalemph was found to contain malicious code. Source: ghsa-malware 911051e187786828f6d65957478aad7f1c354940c6ee7f425dc8a779e4c9e039 A...
Malicious code in kryptex-os (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 034201cad27492b279f5c274a5091b2e617da50f27125c7774db069256b3486e Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in 7miners (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7501eb0620c75479fa4614362aaa6c5766c8cc2f3b4d8829db6a44ca086cc374 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in ant-mcp-proxy-for-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 51df3beb4457da4a841727c91a2517ba5727c841c08f9d43cf2b25be9e476564 During use of the package, it silently downloads and executes remote executables or scripts. During analysis, the remote resources were no longer available. Th...
Malicious code in pnpm-workspaces (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19d252b93a40f90995892530ecd34dc35e9ec7e5b741cb02416fd3dde3e082d8 The package pnpm-workspaces was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ckeditor5-minimap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f65f71fdee0224ec38d03c631d1df1a8454347b6d82cfda912b11d387052898c The package ckeditor5-minimap was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in moooo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 110e4d99f41d1dd4567651dc21115f1793e5e2eab0e12d24ea5a433cdea87f1c When used, the package silently loads code with an infostealer focused on Discord data. --- Category: MALICIOUS - The campaign has clearly malicious intent, li...
Malicious code in buildenv-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e56999171c1a81c357cd2b0847497fac643313bd0252be55a1d03cd40be48c1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in hive-os-settings (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27052e523741d1d8f29aaadcd3735affbdeaa919d6fad2d0ff01ce878d6e5637 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in tether-wrk-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e816f71a9a4581a5adacb19f57871ba8a9118bb980fbcb97c74d6b601a7e517f The package tether-wrk-base was found to contain malicious code. Source: ghsa-malware dd91537dad139a68aee6f4c63c4f9afb6bd315f2d76ee0e8e998dde7a421ef4...
Malicious code in @automation-toolchain/f5-cloud-libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfc189949f1db0cdc70361f74210d6fe3f92c3e69ddad9491d9c7615465f9c6 The package @automation-toolchain/f5-cloud-libs was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ts-lint-builds (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5b6d9da5acae076b81860b7c119f9b61dd48b9b5360e56b582fdae563f96d8 The package ts-lint-builds was found to contain malicious...
Malicious code in cjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...
Malicious code in bjs-lint-builders (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ff31ee3bf86e4aecefc3ed40ae1647028f7fd482df4c617731ebfd75cad027 The package bjs-lint-builders was found to contain maliciou...
Malicious code in bjs-lint-builder (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de4578f36842f930e2a5e6a4129c10eb87bf1005fe8cbdf05ffb9fdc2fe43ad8 The package bjs-lint-builder was found to contain malicious...
Malicious code in bjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3bc89babfc42de2e7df569ebf26d41dcc13469a19895aa4144c2625ddbd87b The package bjs-biginteger was found to contain malicious...