225917 matches found
Malicious code in databaseroboat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3c3d5d00b97ea534e5873e4b0aecaa2895fcc25dfca987d487dcc2510cf14f3a During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in hiveos (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 632c5c53f72df87d7b0d9843df212e147e729699ffe5e7f6c20e3cd41fa13f64 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in pychatz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 adc76f6c0051f3b8b31b378b6b6078e553750338e2489de9de83315bea349657 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in safecheckit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f17b127af2c89551ea0059e4741da3fb5158405fbeabf042f7d5d89a098b21 During installation the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in thisismytestnouser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2f082ee09bfe98c91c243abc15967cbc6fdc7731d6e9657669853e0f148f7dd During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in iwantsafecheckit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c982c88e841ae349f894f45b27e07f7154a252963ec05ff8e9536f46102e6ecf During installation the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in database-roblox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc72e398d8a27feaf630ecd5c3f852b452ad895a1e0a104abbc87da277e3bfc4 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in f0-state-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in merchservicingnodeserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a4eacdccf8a177ac402bd5896b3033df07685cd3e951476d1e28e341e8e74b4 The package merchservicingnodeserv was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in dial-app-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799 The package dial-app-version was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in bizsignupnodeweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceaf1cee13e367f987a97f8de4c8fb4985ab1eedd49be1912467793dce9f0ef9 The package bizsignupnodeweb was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in sn3akysnak3-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21fa246103030890351ed5948825f415a78600c6aacb5187dbd840518f744d92 The package sn3akysnak3-test was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in interwebz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 02fa95914b7edc63771b97f48f4e05119f87309224b5e9b5aa990ab6dda8acc2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @adac-fahrzeugplattform/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 779ce69d66db89d0bc1c8b82a373e6fed7e1b6a84d2cdf56bcab4b3076226f5f The package @adac-fahrzeugplattform/ui was found to contain malicious code. Source: ghsa-malware...
Malicious code in roboats-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f9c3e8c3efcca9a56765d765638b1f7a25769a8a94693c4f391804337be55fcf During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in roboat-additions (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in roboat-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ece419769280a3d6ce017d5cc460eaf49742fde83ede008765b77f3e49ff67e6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in python-aiogram-telegram-updater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 94b286136c318836563c0eaddf44e8d1b21f217086b444a3266d91b69ace79b8 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...
Malicious code in aiogram-photo-updater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62ec906fc563c8e7b6c22bb0dae1e739e6c3d8e24091105a8eafb292dae2f661 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...
Malicious code in payerpath-customer-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9163fb244b7c2f4964eda703f5a3de55f6858b9f5a7f7508b69e1b0ce3b21b1f The package payerpath-customer-lib was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in autoshipment-public-front (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...
Malicious code in npmamzs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25a8c88c6c60c588983806906169ffad0a2a863d45482ac8e2740f320f7cb2ea The package npmamzs was found to contain malicious code. Source: ossf-package-analysis d494475ee013b73bb0df9b1f0533b2f169fb6feff4b7c3c282c3629588be4e...
Malicious code in copytrading (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00e18dbfb3978939790912c09da21fd43b670c4017c160002bb5fc534164e577 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in trustwallet (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ffef6e3541d5ab62ee32f0d44e9da05c6e495c15a4c9a9d9a4866e40ae502604 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in metamask-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d741c998a924aa720c19f13cbb622ebb5862abde8765dac7f8bb2cf1b219c3dc Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in claude-lite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a73f0745200bef9d517a2ac5e3e69189347e0b730a0187e71c3c201accd5833 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in solana-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f0a22ac83bdfd88312e7d422a0e3c27531ccdb7a6c6e4afa1ae513bb9aecf41f Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in gemini-ai-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2be37ea455b54b825242a3f66310fdf3f70e50b1dc1a234fa3ebb534afa857 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in monolith-twirp-codingagentintegrations-codingagentintegrations (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 24ecd94ab40a4a1b574b48137b92d60ad65d610301ee07661c928706bd54c81b The OpenSSF Package Analysis project identified 'monolith-twirp-codingagentintegrations-codingagentintegrations' @ 1.0.2 rubygems as malicious. ...
Malicious code in monolith-twirp-copilot-registry (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d1eb9592b2f976d7d487d44c8f45592b2953e5f51edfeee7242e020dfb64176f The OpenSSF Package Analysis project identified 'monolith-twirp-copilot-registry' @ 1.0.6 rubygems as malicious. It is considered malicious...
Malicious code in monolith-twirp-partitioning-pull_requests (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4214957e3e8849b6df7eb3bbd1b2c6e547fe8aa2c590a8a3a644e7d6ea8d73ed The OpenSSF Package Analysis project identified 'monolith-twirp-partitioning-pullrequests' @ 1.0.2 rubygems as malicious. It is considered...
Malicious code in monolith-twirp-reposinsights-reposinsights (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 49ad89ab960db3d5775dcbda83df2d42c9b3ccb2e799c7ee83729e6451b94e02 The OpenSSF Package Analysis project identified 'monolith-twirp-reposinsights-reposinsights' @ 1.0.2 rubygems as malicious. It is considered...
Malicious code in monolith-twirp-pullsd-teams (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b0a21f2e863ad85bc56da074019b5369ed68dc7280d0c81ff65dd8425308c7f6 The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-teams' @ 1.1.1 rubygems as malicious. It is considered malicious because:...
Malicious code in monolith-twirp-loops-core (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d4a98f58930eb7f736a5c69a6cf5de5b6dd033785255d4d55ae1da5a5866629 The OpenSSF Package Analysis project identified 'monolith-twirp-loops-core' @ 1.0.2 rubygems as malicious. It is considered malicious because: -...
Malicious code in monolith-twirp-pullsd-repositories (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c34eecc811d04d6583504ad631024a727df5e2107a1025a2786bf8a56a59d3a The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-repositories' @ 1.0.10 rubygems as malicious. It is considered malicious...
Malicious code in monolith-twirp-pullsd-pullrequestinfo (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a6f4e556f55b516ccdd02700729877fa73287ece3920dfc7288d673ed337d5e6 The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-pullrequestinfo' @ 1.0.1 rubygems as malicious. It is considered maliciou...
Malicious code in monolith-twirp-scribe-scribe (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b03619db6c705a6825d54849e5322d125ae380dbb1f7e404b46718868185faeb The OpenSSF Package Analysis project identified 'monolith-twirp-scribe-scribe' @ 1.0.6 rubygems as malicious. It is considered malicious because...
Malicious code in current-context-urn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in xpna-context (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678a96ef06b05d2ab867c1eea4dbed1cfc69f99cb4904e02c48736df0da7695e The package xpna-context was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in shenxun162938 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19e684dce319a00214edebc8d8838e4402d88146cff78f1eadf297cad0e3a2ab The package shenxun162938 was found to contain malicious code. Source: ghsa-malware 0dda575a13831bf3df894664e6e2a6a107e33099c3fba68937d4ff1dde1c8317...
Malicious code in thisismytest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7640ee5ded7bcafbd9863565d68a7768bdc9bd2abca56a69d73576e7e9b2c0df During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in telnyx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 64fdec8c3d81e855431dd89a2eb1008654d9d4ba0e01293166234b3609efe00a The OpenSSF Package Analysis project identified 'telnyx' @ 4.87.2 pypi as malicious. It is considered malicious because: - The package executes...
Malicious code in dgxeon-soket-buttonx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a92a6c68bc523541697f8bb80096a0b9425efac6c8413c08e4dea82afad4e4a The package dgxeon-soket-buttonx was found to contain malicious code. Source: ghsa-malware...
Malicious code in dgxeon-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41bea5fa12db95f82f32ef9f61f3e7dc60e7ef381589dff3780e758c19441f5 The package dgxeon-baileys was found to contain malicious code. Source: ghsa-malware 6c59d91ff6ae7727c79a7dfac9d7a7251193e519cf4f1f846a7368c1db065340...
Malicious code in chai-as-added (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 121a09e21b10c98f705a02343e235a9800c57b33a81abf364a47c3af69b6ceb4 The package chai-as-added was found to contain malicious code. Source: ghsa-malware 8d5056d792b6ced90bb9fe5c9ebd1726cc6bd61554739bb67c933cf4f7f50840...
Malicious code in test1sharp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870c745216e287e72f189910e8bd7369f6d6aedbabf85077bfe170b2d1e1de12 The package test1sharp was found to contain malicious code. Source: ghsa-malware c18dd124c0c097c8c6e277f7fd86c791a6d988ecb5545f5811c669e6c1269a95 Any...
Malicious code in testtestsharp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76d90d4c0413d045792eb3caf31ab7aa89d88854a891b2327107997b39eef91 The package testtestsharp was found to contain malicious code. Source: ghsa-malware a60a14bbd40854d1657cc0976cb3cd48a5cf74e75ed0be4db3d263ccbb782392...
Malicious code in @ev-tech/eva-container-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 000e7dc4c22d822e052329e85f5a615743547eaafc111f35576b780059ca2afb The package @ev-tech/eva-container-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in cua-primitives-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8835d90bff1ed316ff7b7be2d8a1223402e539c4b10cfc2ba0de3164dc438570 The package cua-primitives-server was found to contain malicious code. Source: ghsa-malware...
Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...