Malware Package

Package Type
NPM Module
Name
hardhat-gas-report
Description
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.

Identified Reports (2)

This malware package was identified on the following reports.

Report URL Published At Author Description
Dormant npm Package Update Targets Ethereum Private Keys https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/ 1693630800000 Phylum Research Team On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html Sep 20, 2023THN Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
Report External URL Published At Author Description

Related Malware Packages (16)

The following malware packages were identified in the same report as this one.

Package Type Name Attack Strategy Package Author Versions
NPM Module @am-fe/hooks
NPM Module @am-fe/provider
NPM Module @am-fe/request
NPM Module @am-fe/utils
NPM Module @am-fe/watermark
NPM Module @am-fe/watermark-core
NPM Module @dynamic-form-components/mui
NPM Module @dynamic-form-components/shineout
NPM Module @expue/app
NPM Module @fixedwidthtable/fixedwidthtable
NPM Module @soc-fe/use
NPM Module @spgy/eslint-plugin-spgy-fe
NPM Module @virtualsearchtable/virtualsearchtable
Pypi Package culturestreak
NPM Module gcc-patch
NPM Module shineouts