225917 matches found
Malicious code in experedzss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f70a37180c88f0ddd0cc94346d4bb7703667321771ecc6de6c9c74f03a77f464 The package experedzss was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in k8s-node-health (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9358111fecbdb3180b8f4c0c6543abff3024c59deaf488cf3a34089820e96172 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...
Malicious code in bytefrontier-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a29cf25347b160fe6625e86e0df46723174e739cebc771b5d08eab295a68aae The package bytefrontier-sdk was found to contain malicious code. Source: ghsa-malware 6f9b7385e8f58c8b6fad1067fb18e542229655e25153a257aaad92c7a9cc96...
Malicious code in vv-ftend-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52e6dc460495b044b5104f5b43ce39cacbc3bddfd089ca9f48ba821fb9d9b77c The package vv-ftend-api was found to contain malicious code. Source: ghsa-malware 516291f1a77610b9273279b0bfc4b6502c42024be5ce84308ad96ab226fa216d A...
Malicious code in bytefrontier-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a556a5a46fe4be2c1c7662a6481c9086b192375a17d4dcdccfbe52564ed78571 The package bytefrontier-tracker was found to contain malicious code. Source: ghsa-malware...
Malicious code in partner-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0b992863c06f797a9dddef6a493b0391094c9a2ae31fec47e961dd1afdf562 The package partner-tracker was found to contain malicious code. Source: ghsa-malware cfd28d767cd7e0db43c5c52d0b219663552acd6a5f60a34795736624c5cb612...
Malicious code in bytefrontier-partner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b7c067c478263090ed1c2af69f93fb08ed460a91f5e70203c0de2037710507 The package bytefrontier-partner was found to contain malicious code. Source: ghsa-malware...
Malicious code in bytefrontier-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 454ed598382f4741fd508b6e967cfbf60629e200716dd52a83502bc7d9bdd487 The package bytefrontier-api was found to contain malicious code. Source: ghsa-malware fe062cefc7bc337f97aa697a47d972ab881c8000714a3d5161ebb68c811b37...
Malicious code in partner-tracker-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abcff950068cf454cf07ead8614f95dd6291f4204f72ada102c7b4c3d72c0cd1 The package partner-tracker-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in vv-ftend-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3096bbbc1b06c1a0df854ff812112a3d902b8a5c8926880c146f8b36e8497897 The package vv-ftend-core was found to contain malicious code. Source: ghsa-malware 31aa4449ee3c83b67dd8e118498746b83b9b02e0d8fe6c095f6d08f6c7a9b62e...
Malicious code in @mgcrae/pino-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31dc9253706aebd955016075e321d19d7dfc9b231882d7b24a6c932fa3dfa80 The package @mgcrae/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in express-session-js (npm)
Package impersonates legitimate express-session package; initPlugin downloads and executes attacker-controlled remote code on startup via new Function.constructor --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in @_wnpm/wnpm-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9729c3c0a6c625f2d6cc79833205a4331647989fa84d85bdd158924af91020fd The package @wnpm/wnpm-cli was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in eht-account (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e1fa4f35985059ad18e3e325fc65e1d25a5692cc9690a4b15af2d76492b95fe Clones of a legitimate library. During processing the private key, it's getting exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious inten...
Malicious code in ether-account (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e807b32b64c457df7e89ee3ba1e8e25fe779ccff08b1da00800b705ff833f42e Clones of a legitimate library. During processing the private key, it's getting exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious inten...
Malicious code in polymarkets-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 facfcba74011619f5bb2eaf096e41239f81520cb4effff3b45f8b42c84d42060 During import, the code attempts to exfiltrate to a hardcoded location sensitive data, including private SSH keys, cloud credentials and Windows SAM database...
Malicious code in kube-node-health (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...
Malicious code in mcp-server-todo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f426e9e8a841f37f765614c031a1b4f56bb7ee1c8d5ed51b2aeb27a261edce9 The package mcp-server-todo was found to contain malicious code. Source: ghsa-malware d2e2326574c0d2811c6c20ff1523ad04fc4bdb6f062080751acdca4a592c68b...
Malicious code in kube-health-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...
Malicious code in raydium-bs58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 866a59b63d949dfe36c6082c9daa6fddcb18993724e9980c245a49ff59944fee The package raydium-bs58 was found to contain malicious code. Source: ghsa-malware b6ba968c5cb1e12fc81fc5ed1694c2221b6ac0299199508b80100927801f07f3 A...
Malicious code in bs58-basic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56502a3bb31374f7cf0d79d8abc98ccac595ca94fe2b9720daeeb9217901c9e0 The package bs58-basic was found to contain malicious code. Source: ghsa-malware 5101b36fd690268aa870c7d458d29e404540f3d3cc29dd19404137ca9f618f56 Any...
Malicious code in ethersproject-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b1c992cfad672d784afa83763c813b657de3834631b9dd92b6aaa7237e87440 The package ethersproject-wallet was found to contain malicious code. Source: ghsa-malware...
Malicious code in base-x-64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2486f9bad36944300cb58e1a73a370afef7be10040daf814861d1b1a6287cdb8 The package base-x-64 was found to contain malicious code. Source: ghsa-malware d09ca9d36cb3821dc878f97db3b7e8ddef6f5f8e390373492186d10b668718f3 Any...
Malicious code in @logcore/pino-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a729cc1811bd1bc1fa94404ad4bcd8376c1a29b90311fd2a89efecff51fe592 The package @logcore/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in base-or-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...
Malicious code in jellyfi-pino-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d1230eb2336763c228ba6ac98d349f8cc64a1ae28755d8da374f336e77aa928 The package jellyfi-pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in base58-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...
Malicious code in jonas-prettier-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f4e8e2d6e083733be2f7a98647f2a7267b3be203837f3081b4884ef3b926a0 The package jonas-prettier-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in openai-async-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7619c9858e5326f4842462084bc313409a364f2b5c9aa004103c7d33a97c3545 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in pygithub-async-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3c20bbcf01f681691e2c58279ff8311b11abc35424e16ed9adc942cf82cca2ba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in latinum-wallet-mcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 afbe7d2a026f5fb11d3046e061ded50c350b420b146cd446fc0e009cb7190543 Starting version 0.0.32, the code automatically exfiltrates the private key together with other metrics during the buildmcpwalletserver call for the Solana...
Malicious code in @c8o/nimbus-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8225c79aa127203c225df747705db370e11cfae184af100a063b2dfa4eb20eb8 The package @c8o/nimbus-core was found to contain malicious code. Source: ghsa-malware 23fd3197db4264e7b8ef6d65380e017c5b205b46a8e732df586feffcf3c7c7...
Malicious code in coredxloader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b26408ee7735357c61e0a81e60620000999ef84eba419797b20858e5ce5b4a62 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...
Malicious code in tailwindcss-typeface-inter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a4cecee37faea4489bd810f6d044cde9205a74e0c225bef7b07cbbe207eb88 The package tailwindcss-typeface-inter was found to contain malicious code. Source: ghsa-malware...
Malicious code in officepyai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 563256c9d63fdb25dd344ade9c0df9605a7b22e3fc849f2512f5366e557e562c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in lakeflow-community-connectors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 931d6183e0dc407fb2c14769dcebb7d1845f4af9ca0b26766d75d783b5611165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in workingitme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77ec565b572be137d67ece8342d916cb970b501ee390e7250878e27277685fe9 During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in zzzzthisisitwantsafecheckitzzzz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbef17827bf88f06c2278d700e386c98e2f1360fd533ba1415c9060ff56a037f During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...
Malicious code in plain-crypto-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18d90df82216aedaaeca02607816457cfe0df4bc89bf292a4d7f3549e912d8c The package plain-crypto-js was found to contain malicious code. Source: ghsa-malware 4dfdc3dd18fb6fe824f34c663d26a2f7225e65a4b858a6f3ed6620a7a725c86...
Malicious code in databaseroboats (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in spanner-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 659a15d63f794432104121cf729687768f76fa3dadd0b4ae9d8c9327021122af Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in prodaccess (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 71f3b91c61448eb2dee3cfb46f56b4e38dab0202af78c52163d5b6ab98e85c2d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in dremel (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in loas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0177c14c2fb08f69729838152272244428733a8e3682c3cbdc6780ea2fab6e38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in eslint-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bd32859b79bc7696823cfd3fb1a51a5036a19dd9e92b88f4c3cbc2d06fca8a9 The package eslint-validator was found to contain malicious code. Source: ghsa-malware b74db6c61aeb8e5a3729f1f8e311559e5203aab14dd2c8ec8c87ccb868a1ff...
Malicious code in mnemoniclib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c88fa4e30e2437fef5f03db434adb0f34ee48d8bec2d3361d123b10086b28772 Clone of a legitimate library with added malicious code that runs during generating a new mnemonic. The malicious code collects data related to cryptocurrency...
Malicious code in hiveos-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6d040e58dddde324da836a19a41eb5c65698ef869ed3e534f662136f1fb48440 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in earthengine-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 367514ccbb2bca5ad75eda53d2890a583e465233d2b6915acffa09d299405277 The package earthengine-api was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in bos-decoration-elements (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5 The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...