Malware Package

Package Type

NPM Module

Name

audit-ejs

Versions

1.7.2

Identified At

1687496400000

Description

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

Identified Reports (1)

This malware package was identified on the following reports.

Report	URL	Published At	Author	Description
Phylum Discovers Sophisticated Ongoing Attack on NPM	https://blog.phylum.io/sophisticated-ongoing-attack-discovered-on-npm/	1687496400000	Phylum Research Team	On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
Report	External URL	Published At	Author	Description

Related Malware Packages (26)

The following malware packages were identified in the same report as this one.

Package Type	Name	Versions
NPM Module	assets-graph	1.0.0
NPM Module	assets-table	1.0.0
NPM Module	audit-vue	1.6.2
NPM Module	btc-web3	1.0.1
NPM Module	cache-react	1.0.2
NPM Module	cache-vue	1.0.1, 1.0.2
NPM Module	chart-tablejs	1.0.1
NPM Module	chart-vxe	0.0.9
NPM Module	couchcache-audit	1.1.2
NPM Module	ejs-audit	1.7.2
NPM Module	elliptic-helper	1.2.7
NPM Module	elliptic-parser	1.2.7
NPM Module	jpeg-metadata	1.5.1
NPM Module	other-web3	1.0.1
NPM Module	price-fetch	0.0.9
NPM Module	price-record	0.0.9
NPM Module	snykaudit-helper	4.1.1, 4.1.2
NPM Module	sync-http-api	6.1.0, 6.1.1
NPM Module	sync-https-api	6.1.1
NPM Module	tslib-react	1.7.1
NPM Module	tslib-tool	1.6.1
NPM Module	tslib-util	1.6.2
NPM Module	ttf-metadata	1.5.2
NPM Module	vue-audit	1.6.2
NPM Module	vue-gws	0.0.1
NPM Module	vuewjs	1.0.1