Malicious code in npm-builders (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c63391276857464ec97afe878e9a323907ccb5cc79486e5d11ce3078f2621e1 The package npm-builders was found to contain malicious code. Source: ghsa-malware 83c8c91b9b31b2f06c283e24505777cd3486a18286a6eb6a2f2b29ca2e6462e6 A...

Malicious code in chai-as-flex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...

Malicious code in collectables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e007c43e26edb912325f1478ec6cd5cd838b5d7e5ae62beedd3baa02638b3dc4 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in collects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fc7f98d0c4c092f4eb4a73240f8c7a5df90717853ee408fefa9eeb09a41d2cae Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in anontest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in safetest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 697641cf873581d63edc257a57ab2bef9e6662b8c6afbe7917fef190e539df39 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in gamma-api-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0c08011b9300cb8b734d3d0bebc12d47ba78173fd7bb3b676459217b0c2d367 The package gamma-api-provider was found to contain malicious code. Source: ghsa-malware...

Malicious code in vite-chunker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff8c2fc92377d678aca4ddaeaf13ff2c9a3fe7da1e436478d49b935131562f58 The package vite-chunker was found to contain malicious code. Source: ghsa-malware 77cc8d4b3c8ab1dac6606515127cb65f5c6738fb43b9d6a7800351162e689059 A...

Malicious code in tailwindcss-forms-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4539095c0f138c7afdd678f16ce6331acda209486c0e8ebe9f156da96b5de11a The package tailwindcss-forms-bundler was found to contain malicious code. Source: ghsa-malware...

Malicious code in polygon-gamma-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe3f588073fea9d33a70fcdffbe2466af2886a8bf5227c8e3256235aca46899 The package polygon-gamma-api was found to contain malicious code. Source: ghsa-malware...

Malicious code in tailwindcss-animate-framer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...

Malicious code in mui-path-imports (npm)

The package 'mui-path-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in clean-order (npm)

The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in typescript-urql (npm)

The package 'typescript-urql' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in google-camelcase (npm)

The package 'google-camelcase' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in sort-export-all (npm)

The package 'sort-export-all' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in filter-imports (npm)

The package 'filter-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in import-zod (npm)

The package 'import-zod' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.artifactsnpm.com...

Malicious code in llm-oracle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98fdc3b2f8d6e1b4bb0e26b6f7f12227b5759900fb7c859b6b13093b1a159bf9 The package llm-oracle was found to contain malicious code. Source: ghsa-malware 94a20da2ad0a043d47545889257036cffa168646e3083c39007db16c692dc419 Any...

Malicious code in synapseml-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3 Installing the package starts encrypting the user's file and demanding ransom for the decryption. --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in test-logsmodule-v-zisko (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6f59f2c34febf5b71ba7f6912540619742de8815167ecc99397fe9b5b9eced9 The package test-logsmodule-v-zisko was found to contain malicious code. Source: ghsa-malware...

Malicious code in bluelite-bot-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d02181290fe37f11e082818a15c1f6baa4d8479279412a74ec4b440ec14dafc7 The package bluelite-bot-manager was found to contain malicious code. Source: ghsa-malware...

Malicious code in rtxnode-sass22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36a78ba8212bc3ab76a0cd01b40b2a3c0b18f319ccb29c6ccea455e9a89449a8 The package rtxnode-sass22 was found to contain malicious code. Source: ghsa-malware f55edfe6ea35e734acb3592f0b13348ef997c46497c2975855d609ee45912671...

Malicious code in @openclaw-ai/openclawai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f93eed751f0a289cca2167f2999e3757984b82f1dc815e9a68dd05b5a95b23d The package @openclaw-ai/openclawai was found to contain malicious code. Source: ghsa-malware...

Malicious code in @web-monorepo/fetchers (npm)

Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...

Malicious code in @augmentor/experiences (npm)

Malware detected: Collects and exfiltrates sensitive data to a suspicious webhook via a preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4067e28e3de3f031541a3e624d8d21dc75777b65b83ab8aa4fd09bfd52038968 The package @augmentor/experiences was fou...

Malicious code in alinet-w (npm)

Package is malware due to ransomware-like behavior: file encryption, key exfiltration, terminal locking, ransom note, and persistence attempts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c18fd7e3ffa16f370fa25fcc489c381958d8200bf01cd8bf3627c91301eb397 The...

Malicious code in chain-promised-await (npm)

Remote code execution via fetching code from a remote URL and Discord webhook usage indicates malicious intent. Single version adds to suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b882a33fdd394ef7a848100d8ee39ef4c7f0747942b4bea86e38af5780c978 The...

Malicious code in iron-menu-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b219543968961b0fe1a0bd84edace79d5f998e51149888798e20f08acd032d4 The package iron-selector was found to contain malicious code. Source: ghsa-malware 7cf6c5d1914db2c2a15acb98795a4adddfd3847f9e921c75e4b9f0e2a1890946...

Malicious code in @platform-growth/guidance-channel-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851a1eb428b30069bd6ba251018b1547db4c6066228663539c2b80b07ba0061e The package @platform-growth/guidance-channel-provider was found to contain malicious code. Source: ghsa-malware...

Malicious code in collab-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 827bba21aab2fb6ac088e0ab66d2d6ce16a9edcfb26736c85c5d9c8488019b21 The package collab-library was found to contain malicious code. Source: ghsa-malware aa4043d376077e02719a8d768bb1e2631de6c69525ebd948ed92102f617adc9c...

Malicious code in falcologgerinternalstate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 183181a665c683721a6523db5e15b21f8c20c2b154b2ea57decac425f8ad44e3 The package falcologgerinternalstate was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-localstorage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b4370af9c8f0db5604f7bc2648c64054140ea6fbcfebd4eef181c7330efaf77 The package iron-localstorage was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-pages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0828e4b92294651d9b815203d5e2e7cbe45cce351dfa340bb6a79481a4a0cd The package iron-pages was found to contain malicious code. Source: ghsa-malware ec5456f01c9dadf3a140d1cd4974007405b2fdf1a9f1639c264a194555229ec4 Any...

Malicious code in iron-signals (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 015416030a87f010b10b6babdffd64778563cfccdc5ad2fa610f456be6314658 The package iron-signals was found to contain malicious code. Source: ghsa-malware 2845ee24242fc511c6b3d7ad1fe8ed0ab3feb42f943edae6255d0a72f2b88460 A...

Malicious code in iron-fit-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d3440b6e1d8f6bfca21cf53c207a766d966cc2ba5033d8557c044c91a8b950 The package iron-fit-behavior was found to contain malicious code. Source: ghsa-malware...

Malicious code in @mmm-otrade/transaction-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf4c9f5e8a8d9c59d2880a5aafe18bd8780c33c876d202589f4751d5447ce1c The package @mmm-otrade/transaction-adapter was found to contain malicious code. Source: ghsa-malware...

Malicious code in @rothaus/falcologgerinternalstate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6412742e7e3c8073b47d2b5b30628d048c74cb63fe4e6b33cb727931a4a63d9a The package @rothaus/falcologgerinternalstate was found to contain malicious code. Source: ghsa-malware...

Malicious code in @mmm-otrade/transaction (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f1e04f746cfc3e1e936e4a628b0435b494c9dfc00739285e88d0ae03b00d9b3 The package @mmm-otrade/transaction was found to contain malicious code. Source: ghsa-malware...

Malicious code in amt-package-united-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de3f8cf1c89ae16f5297d8a873529f5ba61b4d746f1f79667f803c96bf92507f The package amt-package-united-icons was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-overlay-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1c6c5a0c7da957deff9af5f6e981a6d5cf588394ad85aaaa9456657d49604e The package iron-overlay-behavior was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64bb41903e84d6a7adabb1c7268258090468e2e83e6f31fb679d594e8266f79e The package iron-image was found to contain malicious code. Source: ghsa-malware 11a0db876976d8589a7d975fb9c112f6569a4fc2708fb21c378166c2a1f8d204 Any...

Malicious code in iron-media-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...

Malicious code in xc-input-toggle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25bd6a138ac384a0c310614cf8a679db9c7c02f9b4b44fbfb98910514eb2e80e The package xc-input-toggle was found to contain malicious code. Source: ghsa-malware aa8d4ebd389bd00b1f92bc14e6d9e1a2ffc83e2ef239991e0e01c0bb445166c...

Malicious code in monoping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8fd35713b7e196cf598a8c69f853a4760cc2a2f079ae9e51d3d5d62d33a954 The package monoping was found to contain malicious code. Source: ghsa-malware dac223c01f73149dee79551e85e5265a42c4093a91294545d780f6f86ac1ee9c Any...

Malicious code in json-merge-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...

Malicious code in jsonify-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...

Malicious code in hxq-misc-utils-0379 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...

Malicious code in bpsm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5dfe0d38862649d74eb0c306f047d854004293223eae7cfa7f4fc82c9370bd96 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...