npm malware
@npm_malware
📣 We tweet malicious packages detected on npm in real-time. 🚨 Not affiliated with @npmjs or @github. 🛡 Powered by the @SocketSecurity threat feed. ✨
ID: 1564754411540316161
https://socket.dev 30-08-2022 23:18:46
6.6K Tweets
1.1K Followers
11 Following
⚠️ New threat detected: @stihlus/[email protected] ⚠️ This code is definitively malicious and represents a classic supply chain attack. It systematically collects and exfiltrates sensitive system information including environment variables (com... socket.dev/npm/package/@s…
⚠️ New threat detected: [email protected] ⚠️ This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that s... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ This module contains a malicious downloader and silent execution payload embedded in a logger factory. It fetches a binary from an external site, decodes it, writes it to disk in a public location a... socket.dev/npm/package/wi…
⚠️ New threat detected: [email protected] ⚠️ This file defines a sendEmail function that, instead of sending mail through a legitimate SMTP or trusted API, exfiltrates all provided email fields (from, to, subject, message) along with added metadata (sour... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ This file defines a sendEmail function that, instead of sending mail through a legitimate SMTP or trusted API, exfiltrates all provided email fields (from, to, subject, message) along with added metadata (so... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ The code is highly suspicious due to its obfuscation and behavior of downloading and executing files from potentially malicious URLs. This poses a significant security risk and is indicative of malware. socket.dev/npm/package/so…
⚠️ New threat detected: [email protected] ⚠️ This file contains a malicious React router component that implements a supply chain attack through navigation data exfiltration. The code appears to be a legitimate StaticRouter component but secre... socket.dev/npm/package/tp…
⚠️ New threat detected: @vbegwsqjumjooehukkii/[email protected] ⚠️ The file contains code implementing a reverse shell that connects to an external server (6.tcp.ngrok[.]io:12456), allowing an attacker to execute arbitrary commands on the v... socket.dev/npm/package/@v…
⚠️ New threat detected: [email protected] ⚠️ The script performs a DNS lookup to a potentially malicious domain that is constructed using the user's username. This behavior raises significant concerns about data exfiltration and telemetry. socket.dev/npm/package/dx…
⚠️ New threat detected: [email protected] ⚠️ The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk. socket.dev/npm/package/wa…
⚠️ New threat detected: [email protected] ⚠️ The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroug... socket.dev/npm/package/ge…
⚠️ New threat detected: [email protected] ⚠️ The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thorough... socket.dev/npm/package/ad…
⚠️ New threat detected: [email protected] ⚠️ The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be rev... socket.dev/npm/package/ap…
⚠️ New threat detected: @xvideos/[email protected] ⚠️ This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration rai... socket.dev/npm/package/@x…
⚠️ New threat detected: @azure-tests/[email protected] ⚠️ The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries ... socket.dev/npm/package/@a…
⚠️ New threat detected: [email protected] ⚠️ The obfuscated portion of this file is malicious: it enumerates browser profiles and wallets, copies and stages sensitive files, uploads them to a remote endpoint, and exposes remote command execution (child... socket.dev/npm/package/ep…
⚠️ New threat detected: [email protected] ⚠️ This file contains an obfuscated backdoor that executes a fetch() POST to https://api[.]telegram[.]org/bot8040141601:AAHhDd5DXTE9OHupVlm0NMqKSjtaSaovcNE/sendMessage with Content-Type application/json. The re... socket.dev/npm/package/ba…
⚠️ New threat detected: [email protected] ⚠️ Malicious code designed to automate Facebook account takeover by systematically bypassing the platform's security checkpoint system. The code implements a four-phase process that navigates through Fac... socket.dev/npm/package/fc…
⚠️ New threat detected: [email protected] ⚠️ Malicious code designed to automate Facebook account takeover by systematically bypassing the platform's security checkpoint system. The code implements a four-phase process that navigates through Fa... socket.dev/npm/package/fc…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that serv... socket.dev/npm/package/ta…