Malware Packages
adv-discord-utility
JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.
aiohtp
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
alibabacloud-oss2
Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
@am-fe/hooks
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@am-fe/provider
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@am-fe/request
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@am-fe/utils
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@am-fe/watermark
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@am-fe/watermark-core
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
aouthlib
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
argpars
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
arpgrase
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
assets-graph
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
assets-table
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
ataclasses-json
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
audit-ejs
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
audit-vue
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
aws-enumerate-iam
Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
axios-proxy
Two npm packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were found to harbor the TurkoRat malware.
azure-mgmt-authorizatio
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
azure-mgmt-authroization
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
azure-mgmt-containerregistr
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
azure-mgmt-containrregistry
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
bbeautifulsoup4
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
beautfiulsoup4
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
broke-rcl
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
brokescolors
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
brokescolors2
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
brokescolors3
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
brokesrcl
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.