Malware Packages
discord-selfbot-tools
JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.
driftme
Beware of hidden dangers in open-source libraries. Three new malicious PyPI packages found deploying cryptocurrency miners.
dsc-auth
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
@dynamic-form-components/mui
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@dynamic-form-components/shineout
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
ejs-audit
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
elliptic-helper
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
elliptic-parser
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
ethter
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
@expue/app
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
@fixedwidthtable/fixedwidthtable
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
gcc-patch
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
googl-auth
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
great-expectation
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
gunther
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
hardhat-gas-report
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
hcarset-normalize
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
iohttp
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
jnija2
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
jpeg-metadata
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
jupyter-cor
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
juupyter-core
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
kakakaakaaa11aa
JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.
knac
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
kodiak2k
Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.
@ks-radar/radar
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
@ks-radar/radar-chrome-metrics-collect
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
@ks-radar/radar-core
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
@ks-radar/radar-event-collect
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
@ks-radar/radar-navigation-collect
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata