npm malware

⚠️ New threat detected: [email protected] ⚠️ This module is a high-risk remote code execution loader. It decodes hidden outbound URLs, downloads arbitrary JavaScript from the network, and executes it by streaming the payload into detached Node.js chil... https://t.co/6AO5EdlzDE

⚠️ New threat detected: [email protected] ⚠️ The code performs unauthorized exfiltration of sensitive system information to an external Discord webhook without user consent. This constitutes malicious behavior consistent with spyware or backdoor malwar... https://t.co/yqoC4xfZIP

⚠️ New threat detected: [email protected] ⚠️ This module is an interpreter for bot command code and performs dynamic loading/execution of per-function modules and sends outputs to Discord. The file itself does not contain obvious ha... https://t.co/vKgaWZjBTh

⚠️ New threat detected: [email protected] ⚠️ The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indic... https://t.co/aEUktzDjHv

⚠️ New threat detected: @​gbrlxvii/[email protected] ⚠️ This module is highly likely malicious. It performs credential discovery (environment/proc scanning, credential file harvesting, IMDS/GCP+AWS metadata probing for service account and IAM-re... https://t.co/cfLRzZYYAL

⚠️ New threat detected: [email protected] ⚠️ This code collects extensive system information—including hostname, OS type, platform, release, architecture, local IP, current user, and working directory—and fetches the public IP from https://api64[.]ipif... https://t.co/9CR4Wpm5xB

⚠️ New threat detected: [email protected] ⚠️ The code sends user-provided HTML content to an unknown external domain (sl[.]rzkyfdlh[.]tech/createhtml) via HTTP GET requests without adequate validation, user consent, or security controls. This creates a pote... https://t.co/EVAN9U0tkN

⚠️ New threat detected: @​zohodesk/[email protected] ⚠️ The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior i... https://t.co/MUDaAXcAdr

⚠️ New threat detected: @​zohodesk/[email protected] ⚠️ The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior i... https://t.co/9zw5e9hX1U

⚠️ New threat detected: [email protected] ⚠️ This file defines a sendEmail function that, instead of sending mail through a legitimate SMTP or trusted API, exfiltrates all provided email fields (from, to, subject, message) along with added metadata (sou... https://t.co/I964sdyx8U

⚠️ New threat detected: @​iflow-ai/[email protected] ⚠️ An automated, hardcoded download-and-install of a JetBrains plugin into the IDE's plugin directories from a remote ZIP URL, executed without explicit user consent and without cryptographic verifi... https://t.co/yuSUwnwM2l

⚠️ New threat detected: @​zohodesk/[email protected] ⚠️ The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior i... https://t.co/NSbvT8qet7

⚠️ New threat detected: [email protected] ⚠️ The code sends user-provided HTML content to an unknown external domain (sl[.]rzkyfdlh[.]tech/createhtml) via HTTP GET requests without adequate validation, user consent, or security controls. This creates a pote... https://t.co/fL8DM4JeCU

⚠️ New threat detected: [email protected] ⚠️ This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Fir... https://t.co/Day8e9M8yu

⚠️ New threat detected: @​smule/[email protected] ⚠️ This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise... https://t.co/dzKf49YGm6

⚠️ New threat detected: @​zohodesk/[email protected] ⚠️ The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior i... https://t.co/cNzTP2Jhf1

⚠️ New threat detected: [email protected] ⚠️ The script poses a significant security risk due to hardcoded credentials and the potential for misuse in publishing spam or malicious npm packages. The autom... https://t.co/QzFoxfJysj

⚠️ New threat detected: [email protected] ⚠️ The code exhibits several concerning behaviors, including the use of hardcoded credentials, subprocess execution with potential for command injection, and interactions with extern... https://t.co/MuSyCSzriE