225880 matches found
Malicious code in causal-canvas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ecab11884e9f4226d493a759dd7039ee4669a904d1834041fb73c81502fe4f27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in tabformerlite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 24a23931f60d9a2daf27a6df2eff2f3102cb239f6d058bed6646d208787f0c5b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in tw-modern-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5263f4880e1caf988c78cea312bf9087935eadf7367438ca98023d0b03a5ab12 The package tw-modern-ui was found to contain malicious code. Source: ghsa-malware 739792de3e777b4dcdf28cf380425a6e0e3082c65f5f72ff73d4ae60ed685d98 A...
Malicious code in odds-analyzer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd711f9267e0e1bd3dc42ff98c117a939f5ffa947f11c5fd3d9aea4bc8a47c1 The package odds-analyzer was found to contain malicious code. Source: ghsa-malware 90239f2eeaa13b5a4c00596bcd6f549ab3948f0b1421e246ce67a7bfa30248d6...
Malicious code in requests-lite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d343c918303c251cdef262a6e1cbdff6ae797cf56115a81cfa5449732395b63b Clone of a legitimate requests library. The hidden code runs when using the requests functionality and starts a Telegram bot awaiting for remote commands. ---...
Malicious code in remjsonparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...
Malicious code in aioutil3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...
Malicious code in arnavtest123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d77a638a8dbd52def0458fe1227c5dd5491bc8fedb0ae9e50f28eed74e4ef89d During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in simple-text-parser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 028015ffba2e58b87cbc6405ccb9358c194b81fafea44e7359587509510d4027 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecosse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecob (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6e22f0d73fc85bdf6e0948da43079380af2a809146077afae2fd451315397e0 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b32c6e6d2566a58b9a104d162c060982bff488fa547fb706c43553d0b7185ccb Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in demozecosso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ca3839025ccad67334436cff10b99fc2c407515ed2d9a4e146d11b253b356c8a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in xmrig-miner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3d760afc863697f46cbb6716644c1e7b7e937044ee10ce72b3bce7b549cdcc8 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in py-sysbench (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bcd34dcdc69398d2b97a0890cc550974824096b2844524f868505aa32032f147 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in cpucheck (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5c9d20d009145b270e9b9f2bb73540bb7484845f0cbe9c73f4cf20cc28f776c9 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in pyutils-helper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1055c03077c874d21f69aa9403cebd070e2b7398e27b44310c977219bc0e7a Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in chat-xdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e1f6d17089af4d8a0d8ab4b5ab9398a250b54d8d605c178080a7f275a6ab4687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in prateek-yadav23 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e73aa57c13235ec4d3bcf7aa6139bb5a1bdbade9d72ae81a20c291766b9ac7ab Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in flowfix (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77c3304c8fcc8e0cdf2ac450babf481ff0ee3e93cb3c4213c6b4fa8d80cf4137 The package hides code to download and open remote content. The current code seems to be a bit broken as the final URL is not correct, but the code holds also...
Malicious code in hostlists-plugins-default (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21b72625bb74661ae95d3317fe4384105bb6dd6d026b049f84a192aeeeeae9df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in qq-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36b7c7e205593904f0312eb58b4ae4c3408be0fa15765f56202d0dd1496e1068 The package qq-console was found to contain malicious code. Source: ghsa-malware 8d42978b74e205fd80200d64d43b201bc456c4a8ae51ae16b875baef624c67cf Any...
Malicious code in @wgu-edu/wgu-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26d12da6d55658bcd129c71b6cd484c74498f993ec35f2219f69b6b8018ccee The package @wgu-edu/wgu-icons was found to contain malicious code. Source: ghsa-malware...
Malicious code in @wgu-edu/wgu-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1492a1bd49042802301333ea517f4b8406c91e845c6189c43be215cb9832edf The package @wgu-edu/wgu-core was found to contain malicious code. Source: ghsa-malware...
Malicious code in @shenira/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c19428681ab141c5cbfe55488bba7fb3d752e39dcffc01da944544bc0b104b The package @shenira/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in @shenira/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3952357e13678bb1abb18600854c622a3c5596cff93e8cc3ba309a6f51fccb1f The package @shenira/baileys was found to contain malicious code. Source: ghsa-malware a2914e7416552719c1008f077553702efc5d7710bc760aa34eeaeede86535b...
Malicious code in @shenira/baileysx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a56827739abd116eca80e92a5a3d25815c78653c0c4513433fd5c4335cb9cca The package @shenira/baileysx was found to contain malicious code. Source: ghsa-malware...
Malicious code in test-mal-npm-pkg-not-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803f42bec3cf0ba231262e882d9fb5def7e78c005b10e0c32edf60aecad5d9bf The package test-mal-npm-pkg-not-local was found to contain malicious code. Source: ghsa-malware...
Malicious code in test-mal-npm-pkg-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9e953edc529bc6611e9adac05b4738ab0ea950259e50cb2ea1067f07d9ecf7 The package test-mal-npm-pkg-2 was found to contain malicious code. Source: ghsa-malware...
Malicious code in test-mal-npm-pkg-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75a0b0eec22915db4ca63da2987beda61280504b532ef780e81b26d53e11d8e The package test-mal-npm-pkg-local was found to contain malicious code. Source: ghsa-malware...
Malicious code in aaaaaxxxxx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74022d63a8f08b2891b69972616980c694bf36c621e434d53bb293d3c556d50e The package aaaaaxxxxx was found to contain malicious code. Source: ghsa-malware 76e892030ae3b51f49aca22d108dff0826190b133c1d18bd448c9308b904f8d4 Any...
Malicious code in python-requirements (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...
Malicious code in python-module-installer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61bfa181c5afb9e33e0d529138c813fc05d8130062182d9d1a5cb4ef9c8da0ea The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...
Malicious code in fastapi-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8e414a858711540d25b63ced50114d396e150157b65a70056beccc38948a4199 The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...
Malicious code in fastapis-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...
Malicious code in webmd-url (npm)
Package exfiltrates data via pre/postinstall scripts, and has a suspicious main entrypoint targeting MongoDB configurations. Package extracts data like username, hostname and current working directory and sends it to malicious domain http://4v6heh2m.requestrepo.com/depconf/webmd-url/ --- -= Per...
Malicious code in pino-sdk-v2 (npm)
Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious package/lib/tools.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a The...
Malicious code in tether-dev-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0d07b28a3afe4c020244ad7d5415342f3d62c4436107a5d764307d102b193ef The package tether-dev-docs was found to contain malicious code. Source: ghsa-malware 57a6db50523e4b656bdec519331a0443d43f1f9ae2dd91e5e1a1ee5ab6cc5ed...
Malicious code in pdfjs-dist-fourth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcaf355459e8baaef860a557036e51431e6eb6c44dcba0e800579cf978f2f64d The package pdfjs-dist-fourth was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @imhuman/corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6184a6191df94d0d85ce593a41435ea200b954b17ce7a90c83cd1fb6ec5453db The package @imhuman/corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in @imhuman/fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in imhuman-fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04a81e9c61dcf38b54d4e0ad070050a4817a509858f0f56725074b54c24288a1 The package imhuman-fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-lib-ui-react-hooks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-utils-avatar-initials (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097265e259265c0fcc8e4d53ebb4bfcdc33404ce2fc818308f0f1097d90de3d4 The package pear-apps-utils-avatar-initials was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-utils-date (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65df5bee974b55dfd58d5816e480664604e9d8b3bf6a7c27c22b92aefeaca124 The package pear-apps-utils-date was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-utils-qr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8bf18757dd3797d845e6746f010e38421985192e8623264615f68c13b4ec0a1 The package pear-apps-utils-qr was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-data-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-lib-feedback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 331d2742dee8271e5d493e475aab23ee3f05adc5e02888d87127d189883cc50c The package pear-apps-lib-feedback was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-data-import (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ab28e159d40d36665a0a745f8ff8a2f9d55884bfaff1f019638560083aaf42 The package pearpass-lib-data-import was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-utils-password-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e49c29e613eb5defffe0f8db190791cd1e27be699c5aa6343ad0d60814b2e756 The package pearpass-utils-password-check was found to contain malicious code. Source: ghsa-malware...