Malicious code in st-payment (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bcf8605142a71ab3977537d339f48dfc102fcb49ce37c8f6b74c6b8af38988d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gc-grocery-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c6b836daf5ca49f42a298b7400842dda9e2b648326ba12651c7e968459ca12c5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @signals-notebook/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6385e6085b941d851ce17c44dac94bb93521dad91d75b4d284a3dc8f9d367c2e The package @signals-notebook/utils was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @tableau__catalog-messages/database_lower (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4155e0aa6cc429c2ea66b3b131055983379b13cab66b74fa3c1758e83a48ec54 The package @tableau__catalog-messages/database_lower was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @telekom-wfa/auth-core (npm)
Package is malware. Hardcoded Telegram credentials, data exfiltration, and preinstall script execution indicate malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a2fe12e5542ae8cf1cf339c13c3480629ccfd6e2fb391427c4f1b17bbdc9f85 The package...
Malicious code in just4testlm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811 The package likely tests different malicious techniques and delivering payload in setup.py. Different versions, like 0.1.0, 0.4.0 or 0.9.0 contain malicious...
Malicious code in viewer-assets-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0022cddbfa3afc707bea5e0e70c8bff5b3249847bd891c628a1fd2d0dc9fa259 The package viewer-assets-generator was found to contain malicious code. Source: ghsa-malware...
Malicious code in kraken-trader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...
Malicious code in black-moon-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c672e4ab8770773551a9ff9b6b95a5740894bd1c689154056f69e5da4fdb879 The package black-moon-js was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in sentinel-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5a2ff07802c4546c40d47d3780971506115297a1e8c177be36ad1e003dd62937 The package installs a remote executable that uses a hardcoded Telegram channel for monitoring the user's activity, including regularly taking screenshots, and...
Malicious code in granulate-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 66679376251511e42a5b07462c7888555488f21e228e7b0b0e353db43256d569 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gprofiler-logging (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f9db75962c82806edd773390d37cc66b2fc0aee51a334a08ec938a011e5f8aeb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gprofiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4de7c58d59c5e16064d8ecf21d0f57675869c93be663ac27da95d040be7d0aff The package gprofiler was found to contain malicious code. Source: ghsa-malware 42c93390009c40d727cdfd4fedc3b160ff5e7e8730ec94ff196022996855d39c Any...
Malicious code in roboat-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 206186397510c57a9f8cb5e6ca8bdf9d5e1349b99e73f8d06da13e687924feea This package is a malicious clone of a legitimate Roblox API wrapper. The new versions are published simultaneously with publishing malicious dependencies and...
Malicious code in @fairwords/encryption (npm)
The @fairwords/encryption package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+ environment variab...
Malicious code in @fairwords/loopback-connector-es (npm)
The @fairwords/loopback-connector-es package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+...
Malicious code in @fairwords/websocket (npm)
The @fairwords/websocket package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+ environment variabl...
Malicious code in @sie-ppr-web-checkout/app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 977089aabb00f7d390dd6bf7ad3e9038c4998ec2ccf93a2e38016f525c32f368 The package @sie-ppr-web-checkout/app was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @velora-dex/sdk (npm)
Malicious npm package executing base64-decoded shell command to download and run stage-2 payload from C2 server 89.36.224.5 targeting macOS --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a732dd2745098176d2c19fe3edb359db6f6690b5d14b8d49e8a00b61325311 The packa...
Malicious code in strapi-plugin-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 322f1a7c9723db125a9be39dcb3f897ca2f65146b7b71874bb3ec26a4825d521 The package strapi-plugin-cache was found to contain malicious code. Source: ghsa-malware...
Malicious code in @aspect-security/argon2 (npm)
The package performs data exfiltration and arbitrary command execution in a preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b426577fc5361773d25297fdb9fce28835e15d9ab86909c6652f5c1b71c4e543 The package @aspect-security/argon2 was found to contain...
Malicious code in argon2-napi (npm)
Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...
Malicious code in @langgraphjs/toolkit (npm)
Package collects and sends sensitive system info to a hardcoded server. The package masquerades as a LangGraph JS utility but contains a malicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in genesis-1p-tools-rpm-bundle (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d7a13386739eb38301be183f8fafa0281beef0adc59037619ca870c2b075cd58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in devkitx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 533ba14fdd7bd4a9722b6958993e6814b7f5b492ed9664250012deab8161401b The package devkitx was found to contain malicious code. Source: ghsa-malware 6344b4de933cb52dfd12ac4a38d68b3ea57498248f6cb291252a1a56d9963b55 Any...
Malicious code in databasenaps (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4e63193532e90f42a370f4171248ffa344728b4699ba6615fbf61c0e7c9e1366 During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in databaselooks (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dd73d73ace43286d9d97ccebb1f758b52cfd114774b862c5b568a7d1151d0112 During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in frontend-backoffice (npm)
Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f06949fafe41d4b38a42b1c5573750638b411c02b6edcb1958f3f5aad933d...
Malicious code in use-form-builder-plugin (npm)
Package is malware. Collects system info, exfiltrates data via HTTP/DNS, executes commands, and uses preinstall script for auto-execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdced38cb2f5f34bb91f39b16697369424bf1cbde84ca18363e78454b31d6ddc The packag...
Malicious code in a2a-chat-canvas (npm)
Malicious package due to suspicious callback URL, hostname exfiltration, preinstall script execution, and only one published version. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d466a45c588940f8279288c439a4665d5368f0a7642c966de8e9fd307bc028b3 The package...
Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in nerite-security-audit (npm)
Collects and exfiltrates sensitive data (env vars, SSH keys, keystores, history) via HTTPS and DNS. Suspicious domain and disabled SSL validation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87776a4e480d244c862e76238cd498aa49bd919403dad6de21a85326d6b451ed The...
Malicious code in totally-safe-util (npm)
Multiple suspicious behaviors: postinstall script, hex obfuscation, OS command execution to open a Rickroll, and attempt to hide execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d45a8a1395a8ff66e2ea74cacd9d8de0ebaa9e88e0170a6907b3e4861a2acc5 The packa...
Malicious code in df-sandbox-test (npm)
Multiple pieces of evidence indicate malicious behaviors: data exfiltration, sensitive file access, obfuscated code, and suspicious network connections. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97761ee82976dcee2c3d8438258e8ace733bec2d2c7e1020035e9e390f9fa02f The...
Malicious code in commerce-utils (npm)
Malicious package due to data exfiltration to a suspicious host, combined with arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb3d6d3a8a8898abe7e371e54753d5902a5062151888ccff6c656f5edac6ba6 The package commerce-utils...
Malicious code in chess-sec-ssrf1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25205345915fdf089bcbd90b35f9e852c02281bd7452805479d18c610063ac52 The package chess-sec-ssrf1 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cloudera (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11ddf3c5a1eb28ca1531748670bd932bda38d78b04ae81c983361465a2076f57 The package cloudera was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cloudera-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e0a829db4a908047174ccb540d590c9df780c994d9ecc1b1705247f89612de The package cloudera-poc was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in databasetapes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d859d21aa59dfad2efc5c2f98253cd1cc808621fb3b7525037c104324e27dfe8 During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in admin0911 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 131de816e8ec55ce8cba8760646cd38392aa5d5c64d74ca83d6331ce81dc92c7 The package admin0911 was found to contain malicious code. Source: ghsa-malware 3b8dd74b10ddf8f43854df0999878fec4cffe7ec1e4d42e136602be00468a54c Any...
Malicious code in @not-nemo/crypto-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f3d07c3fa41dbb4ad057bb2b346b271dcbef43545376e8a8ad252d64abd7e25 The package @not-nemo/crypto-tracker was found to contain malicious code. Source: ghsa-malware...
Malicious code in @needl-ai/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1b98ae2755d0fd7d61bc3dfd378dc1bad2eadf7ef0033ba66bbf1383a711e5c The package @needl-ai/common was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in databaserobooms (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 193ce4e29885d967183910228ce00d02b4380d25ff1a9b342b1fb5b4c124e3ca During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in databaserotacos (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 04d640be20e9d2ff55f7682d535f6fd56b67b50008307c2e41986d6b31d4bfa4 During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in photo-extractor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 67f3f604528f125e85fb7be00bb17d7cf2abc5cdb20a12cbcbb38633f5877f14 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in discord-request (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72c23e7229682f063ef325dcc1a1a7d58bff184f694b76594af9eeeeeca958e7 The package contains an infostealer focused on Discord data. The code is broken. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in gangomodule (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8117683c90fb188f9fc013b3b3006dc5e31269d2511dd7c80eea9ac7b6892d09 During installation, obfuscated code validates the environment against typical sandboxing signs and attempts to download the next stages from remote sources. T...
Malicious code in strapi-plugin-blurhash (npm)
strapi-plugin-blurhash is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topolog...
Malicious code in strapi-plugin-advanced-uuid (npm)
strapi-plugin-advanced-uuid is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
Malicious code in strapi-plugin-guardarian-ext (npm)
strapi-plugin-guardarian-ext is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...