Malware Packages
price-record
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
prtobuf
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
purple-bitch
JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.
purple-bitchs
JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens.
pycparse
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
pyparisng
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
pyparsign
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
pyprasing
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
pytho-dateuti
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
python-alibabacloud-sdk-core
Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
python-alibabacloud-tea-openapi
Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
python-dateuitl
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
python-dateut
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
python-dateutils
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
python-json-logge
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
quantiumbase
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
rotobuf
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
ryptography
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
semve
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
shineouts
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
snykaudit-helper
On June 11, Phylum’s automated risk detection platform alerted us to a peculiar pattern of publications on NPM. The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed. At the time of this
@soc-fe/use
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
soupseive
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
soupsiev
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
speedtesta
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
speedtestbom
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
speedtestfast
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
speedtestgo
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
speedtestgod
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.