Lucene search

225884 matches found

OSSF Malicious Packages
Added 2026/03/16 12:0 a.m. • 9 views

Malicious code in typescript-rtk-query (npm)

The package 'typescript-rtk-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/16 12:0 a.m. • 5 views

Malicious code in transform-jscript (npm)

The package 'transform-jscript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/16 12:0 a.m. • 9 views

Malicious code in require-in-package (npm)

The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/16 12:0 a.m. • 6 views

Malicious code in transform-proto-to-assign (npm)

The package 'transform-proto-to-assign' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/16 12:0 a.m. • 6 views

Malicious code in import-newlines (npm)

The package 'import-newlines' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/16 12:0 a.m. • 7 views

Malicious code in @storylane/uikit (npm)

The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/15 10:1 p.m. • 3 views

Malicious code in pymnemonic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459bd254a36d9b8c78d96285e0c0aedb285b08f22900e022ea67988f3cb98e92 Malicious clone of the legitimate python-utils package, disguised as a crypto-related helper. The malicious code modification exfiltrates sensitive env variabl...

AI score: 5.9
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/15 5:5 p.m. • 5 views

Malicious code in do-not-install-this-package-004 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 155862095ddb7d3410298aef76abdda3e7eeaf5609b72f97c30790c317b8d1cb During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

AI score: 6
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/15 5:2 p.m. • 5 views

Malicious code in flowpeek (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734 During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel. --- Category:...

AI score: 6
Exploits: 0 • References: 3
OSSF Malicious Packages
Added 2026/03/15 9:36 a.m. • 5 views

Malicious code in kvstore-pb2-grpc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7208dedf651be9d1e330692ef042b89e5bcae7e8aeee7f2ab400d49e7a574de8 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0 • References: 2
OSSF Malicious Packages
Added 2026/03/15 9:34 a.m. • 4 views

Malicious code in dgl-cu117 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0 • References: 2
OSSF Malicious Packages
Added 2026/03/15 9:34 a.m. • 4 views

Malicious code in python-anchor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 914b16cbc506c57a77eeed5ae14955bcf3b58fa49da92c2686b56a1d531c5268 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0 • References: 2
OSSF Malicious Packages
Added 2026/03/15 9:33 a.m. • 2 views

Malicious code in my-super-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 58a8ef40f042f56d80d455abeb03442516dfd8ed81f462d9da071089ff82f31e During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0 • References: 2
OSSF Malicious Packages
Added 2026/03/15 9:29 a.m. • 3 views

Malicious code in ariadne-federation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0 • References: 2
OSSF Malicious Packages
Added 2026/03/15 5:46 a.m. • 5 views

Malicious code in @3stripes/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf6f6a1fb0e79c716386545df6b4a1e4df689bf6b35e741c28150cc3fad072a The package @3stripes/common was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 5:45 a.m. • 4 views

Malicious code in @3stripes/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 152509a4bd82adf6364c22476faa63746b5ddc6649dd64a7fdf96ff5e67ebc13 The package @3stripes/auth was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 5:45 a.m. • 4 views

Malicious code in @3stripes/helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43a7574944c393165544faca6357fd6ce623ef66d2b9b367a3042f34eae4f81b The package @3stripes/helpers was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 5:45 a.m. • 4 views

Malicious code in @3stripes/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1644f08d12a97a4daeeca3e4195d91585bdbe1a8c2085fa918a92427cf1ee99f The package @3stripes/api-client was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 5:45 a.m. • 3 views

Malicious code in @3stripes/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a35a49fa45b490839a3f7671aed0d41c821f7a2925a015debe9f168e09476451 The package @3stripes/utils was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 5:45 a.m. • 3 views

Malicious code in @3stripes/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3319f763eb66b1fadca0f6bc56787fa08c4ef40209f072ba65dd6cdb628bf66c The package @3stripes/ui was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 5:45 a.m. • 3 views

Malicious code in @3stripes/lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cefc88878b1d12a39232d39387d16e564c71a9ce50047e025e7f26f848d4858 The package @3stripes/lib was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/15 1:58 a.m. • 4 views

Malicious code in n8n-nodes-text-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d9e6f076079fc1e5969f32f2e96bf4ee653d57d47b342f378cc857e678051df The package n8n-nodes-text-helpers was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/14 7:12 p.m. • 4 views

Malicious code in tracking-service-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbea868891563a569959fb4cb0283257c07da112b0e854b53431157e0a12af57 The package tracking-service-config was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/14 7:17 a.m. • 6 views

Malicious code in test_pkg_forppe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb7a0a95274f0d2d68d1bf6fc49d05bfc1b8a7e041147c0597e8db59c5552015 The package test_pkg_forppe was found to contain malicious code. Source: ghsa-malware 4f40eeeea0e63ed3d90dbfcf8f947f134cf561db8c1775a61ae4099c71c926e4...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/14 6:20 a.m. • 5 views

Malicious code in native_dep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf8cbbcc5fef314cdaa3a8b8c2d15e298a0c5f1c444084cc36a8dc36a95b7da1 The package native_dep was found to contain malicious code. Source: ghsa-malware 96b85414b77cb51face1caae1f5ab5ab4ba386fb95ba1c8594ac3ce47a6cb19d Any...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 8:35 p.m. • 4 views

Malicious code in devlino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ab9a10cdd7f1009bc1531da7299dc55e1a8ab63a76e1175becfff1dd629cf0f The package devlino was found to contain malicious code. Source: ghsa-malware e2d2201ff31202f25731c9699e97997f89ed857a82aa98a9feaa0ebe1243c45f Any...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 8:20 p.m. • 5 views

Malicious code in fastapi-middleware-cors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 3:38 p.m. • 5 views

Malicious code in cw-isdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae10c11f397ea01855bd467e8a77fc7f7ccb97477c54bfee0bae46cd5c324ca4 The package cw-isdk was found to contain malicious code. Source: ghsa-malware 54e686b27022344685c371190035a9586a04498a711c2456bdd9b5644c43c833 Any...

AI score: 5.9
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 2:20 p.m. • 8 views

Malicious code in tailwind-mainanimation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 2:15 p.m. • 5 views

Malicious code in tailwindcss-style-modify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b0ae66880918a2da3f10a1be7386982be7c7ff76855cf9f401733b92436e1d3 The package tailwindcss-style-modify was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:54 a.m. • 4 views

Malicious code in project47 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a3f77d5ebfcf087b4f055d7ce552ee0165eadf99d8cc6dcd0f3c767393099d27 Facebook hacking tool that also forces the user to follow specific accounts --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:50 a.m. • 5 views

Malicious code in darkig (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7589c67c4429eabd010f891cb17f893ee11ec3cb873d4a31095cc3592134f762 Instagram hacking tool that also forces the user to follow hardcoded accounts. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:47 a.m. • 5 views

Malicious code in ighack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:41 a.m. • 5 views

Malicious code in nfd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 09861068d4a40cdebd80dae1ae4db85b45498bdb1f7f039cf44b33f41e68534f Facebook automation/hacking tool, with a part of its code obfuscated. Given that other packages from this uploader exfiltrate user's credentials, this is likel...

AI score: 5.9
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:37 a.m. • 3 views

Malicious code in hardhat2-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c07f3569b1ea09e6b004d6249655bfae8ddcec6a95981a49adf26a2a32ebf435 The package hardhat2-config was found to contain malicious code. Source: ghsa-malware dcc4ecf526d7ea6da9ad012c177af156b24bd09ac322140e1390de5a3d20b5b...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:37 a.m. • 6 views

Malicious code in twitch-security (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:37 a.m. • 7 views

Malicious code in twitch.dashboard-v2.core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 637dc1fe27ba94d42da29869618ddc561c6dece34d9b0cbfc0061919e77de510 The package twitch.dashboard-v2.core was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:37 a.m. • 8 views

Malicious code in pulsard-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:37 a.m. • 4 views

Malicious code in brlc-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e1d5bf92d7953e1333f3d575ad749dc56b9914ae64813b2e9753a0718a2882 The package brlc-base was found to contain malicious code. Source: ghsa-malware c50e966389745dbbf1f8c81e6b0e19db8d01502091437c4148cde8991e9e314d Any...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 10:31 a.m. • 2 views

Malicious code in nai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9e4650a322afd07ff77c3f934248e52f477f2d1cebd0c84b1074bdba1142efe Package is a hacking tool that not only abuses 3rd-party services but also silently exfiltrates credentials the user uses to log in there. The provided account...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 8:43 a.m. • 3 views

Malicious code in thief-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bcebc8919f53e78dae4adb16168fdd37abea93d969d3411b948ed1781c6faf28 During installation, package attempts to exfiltrate cloud credentials and sensitive env variables --- Category: MALICIOUS - The campaign has clearly malicious...

AI score: 5.8
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 8:13 a.m. • 3 views

Malicious code in makenotion-ppetest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8a77a3e2f70388147c71ce781715204b49848f8a88c362506e14ecfbdff51208 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 6
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 7:10 a.m. • 4 views

Malicious code in rrweb-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c1a8d89ba0817d9264bc9f6e59c5c1e4c683b98ce32ba7d9bcb3e61f1f016b The package rrweb-v1 was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
Added 2026/03/13 6:55 a.m. • 4 views

Malicious code in pino-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472c700cdf139a1d7d1df4de30c13fcc5b6a3dcbf684324d9b7e9b3b9c43cc52 The package pino-sdk was found to contain malicious code. Source: ghsa-malware f682f709d89d5225b0a58afb163385a649ad8f5be7e56f7811bd30876fd7bd3b Any...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 6:55 a.m. • 6 views

Malicious code in solana-pumpfun-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25b5c167c097f41d490f55b16ad2263c163b7afb898528dafb13a74f513b9181 The package solana-pumpfun-sdk was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 6:54 a.m. • 2 views

Malicious code in @dinzid04/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52c73bb6dd5e6b3ba149f8a95cc91deaa505ee81bbdc34eca6e16bd7d2cc1a2f The package @dinzid04/libsignal-node was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 6:54 a.m. • 6 views

Malicious code in @dinzid04/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75cf71f0ce959b1ec335f4481db2cc423250422c02e9bf33d40e12b6f541760 The package @dinzid04/baileys was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 6:51 a.m. • 8 views

Malicious code in tailwindcss-animation-advanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ce5cca16e60f9958f552f1a26e24d39638ac246580074b3125b8867e9769f3b The package tailwindcss-animation-advanced was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 6:48 a.m. • 6 views

Malicious code in cortana-md-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 686dc6172d061151a94189d41cd564a6127d00f10af75880962a357301ec135e The package cortana-md-bot was found to contain malicious code. Source: ghsa-malware a712b3a56136d272ebf1a688ff9ea1cc572023730622963df1e6e82389177d28...

AI score: 5.7
Exploits: 0 • References: 1
OSSF Malicious Packages
Added 2026/03/13 6:48 a.m. • 8 views

Malicious code in @depro-tech/cortana-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab02cdce682fe76e6709fc00a3df615b366f38ed30270f635ddca7b122275fc The package @depro-tech/cortana-md was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 • References: 1
Total number of security vulnerabilities: 225884