Malware Packages
@ks-radar/radar-resource-collect
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
@ks-radar/radar-util
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
kwxiaodian
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
lagra
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
lemaaa
JFrog discovers 25 malicious open-source npm packages, including one that targets malware authors to hijack stolen Discord tokens.
libiobe
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
localization-utils
Phylum discovered two packages published to PyPI on October 28 that claim to be libraries for simplifying internationalization. The files were highly obfuscated and upon further inspection were found to contain malicious code designed to steal sensitive Telegram Desktop application data and system information, which it then sends to an
locute
Phylum discovered two packages published to PyPI on October 28 that claim to be libraries for simplifying internationalization. The files were highly obfuscated and upon further inspection were found to contain malicious code designed to steal sensitive Telegram Desktop application data and system information, which it then sends to an
markedjs
JFrog discovers 25 malicious open-source npm packages, including one that targets malware authors to hijack stolen Discord tokens.
modularseven
Beware of hidden dangers in open-source libraries. Three new malicious PyPI packages found deploying cryptocurrency miners.
mynewpkg
JFrog discovers 25 malicious open-source npm packages, including one that targets malware authors to hijack stolen Discord tokens.
noblox.js-addons
JFrog discovers 25 malicious open-source npm packages, including one that targets malware authors to hijack stolen Discord tokens.
noblox.js-secure
These imposters are deploying Luna Token Grabber malware.
noblox.js-ssh
These imposters are deploying Luna Token Grabber malware.
noblox.js-vps
These imposters are deploying Luna Token Grabber malware.
node-colors-sync
JFrog discovers 25 malicious open-source npm packages, including one that targets malware authors to hijack stolen Discord tokens.
node-hide-console-windows
One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.
nodejs-cookie-proxy-agent
Two npm packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were found to harbor the TurkoRat malware.
nodejs-encrypt-agent
Two npm packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were found to harbor the TurkoRat malware.
oatuhlib
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
oauthlbi
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
oautlhib
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
oogle-auth
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
openapi-ba
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
osinfopkg
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
other-web3
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
oupsieve
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
pingan-vue-floating
Phylum excels at detecting and blocking software supply-chain attacks on developers and their organizations. In June, we were the first to identify North Korean state actors conducting campaigns against npm developers. Today, we unveil another targeted campaign with similar behaviors, again targeting npm.
portobuf
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
price-fetch
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this