CurrentThreat

btc-web3

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

cacheools

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

cache-react

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

cachetoosl

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

cache-vue

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

catme

Beware of hidden dangers in open-source libraries. Three new malicious PyPI packages found deploying cryptocurrency miners.

charset-noramlizer

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

charset-normaliz

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

chart-tablejs

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

chart-vxe

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

chatgpt-api

Two npm packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were found to harbor the TurkoRat malware.

cloud-room-video

coloraam

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

coloraama

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

colormaa

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

colors-beta

JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.

color-self

JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.

color-self-2

JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.

coolorama

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

couchcache-audit

On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this

Malware Packages

btc-web3

cacheools

cache-react

cachetoosl

cache-vue

catme

charset-noramlizer

charset-normaliz

chart-tablejs

chart-vxe

chatgpt-api

cloud-room-video

coloraam

coloraama

colormaa

colors-beta

color-self

color-self-2

coolorama

couchcache-audit

cryptogarphy

crypto-standarts

culturestreak

dataclasses-jso

dataclass-json

discord.js-aployscript-v11

discord.js-discord-selfbot-v4

discord.js-selfbot-aployed

discord.js-selfbot-aployscript

discord-protection