npm malware
@npm_malware
📣 We tweet malicious packages detected on npm in real-time. 🚨 Not affiliated with @npmjs or @github. 🛡 Powered by the @SocketSecurity threat feed. ✨
⚠️ New threat detected: [email protected] ⚠️ This module reaches out at startup to two hardcoded endpoints (https://api[.]npoint[.]io/45ae4382694fffe31eed and https://json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML), fetches a JSON pa... socket.dev/npm/package/vi…
⚠️ New threat detected: [email protected] ⚠️ The source code implements a malicious backdoor that stealthily collects and exfiltrates system information, including hostname, home directory, current path, public IP, and package name, to a hardcod... socket.dev/npm/package/ar…
⚠️ New threat detected: [email protected] ⚠️ This code implements a sophisticated data exfiltration operation targeting Facebook user data and chat information. It collects detailed personal information including names, locations, relationships, ... socket.dev/npm/package/fc…
⚠️ New threat detected: @aleshakovalev841/[email protected] ⚠️ This file reads a Telegram bot token from the environment (via dotenv), instantiates a bot that polls the Telegram API at api[.]telegram[.]org, and exports a function that sends any provided s... socket.dev/npm/package/@a…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that ... socket.dev/npm/package/we…
⚠️ New threat detected: [email protected] ⚠️ This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that s... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ The code exhibits malicious behavior by exfiltrating environment data to an external server. It uses obfuscation techniques to hide its intent, indicating a high security risk. socket.dev/npm/package/ut…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that server. T... socket.dev/npm/package/re…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that server. T... socket.dev/npm/package/re…
⚠️ New threat detected: [email protected] ⚠️ This file includes heavily obfuscated logic that collects and base64-encodes environment variables, then posts them to example[.]com. It uses string slicing and reversal to mask its network behavior ... socket.dev/npm/package/ut…
⚠️ New threat detected: [email protected] ⚠️ This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video meta... socket.dev/npm/package/cl…
⚠️ New threat detected: [email protected] ⚠️ This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that ... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ This module reaches out at startup to two hardcoded endpoints (https://api[.]npoint[.]io/45ae4382694fffe31eed and https://json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML), fetches a JSON pa... socket.dev/npm/package/vi…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that s... socket.dev/npm/package/vi…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that ... socket.dev/npm/package/we…
⚠️ New threat detected: [email protected] ⚠️ This source code is malicious and designed to stealthily exfiltrate sensitive system information and environment variables via DNS queries to an attacker-controlled domain. It employs evasion techniques... socket.dev/npm/package/te…
⚠️ New threat detected: [email protected] ⚠️ This file silently gathers environment and package metadata—including __dirname (current directory), os.homedir() (user home directory), os.hostname(), os.userInfo().username, dns.getServers(), and t... socket.dev/npm/package/te…
⚠️ New threat detected: [email protected] ⚠️ Attributed by the Socket Threat Research Team to North Korea’s “Contagious Interview” operation, this package is a multi-stage Node.js infostealer/loader that executes immediately on install, steals br... socket.dev/npm/package/er…
⚠️ New threat detected: [email protected] ⚠️ Attributed by the Socket Threat Research Team to North Korea’s **“Contagious Interview”** operation, this package is a **multi-stage Node.js infostealer/loader** that executes immediately on install,... socket.dev/npm/package/re…
⚠️ New threat detected: [email protected] ⚠️ This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information in... socket.dev/npm/package/es…
United States Trends
- 1. Pat Spencer 2,496 posts
- 2. Kerr 5,359 posts
- 3. Podz 3,170 posts
- 4. Jimmy Butler 2,567 posts
- 5. Shai 14.8K posts
- 6. Seth Curry 4,352 posts
- 7. Hield 1,559 posts
- 8. Mark Pope 1,897 posts
- 9. #DubNation 1,405 posts
- 10. Carter Hart 3,921 posts
- 11. Derek Dixon 1,251 posts
- 12. Connor Bedard 2,298 posts
- 13. Brunson 7,336 posts
- 14. Kuminga 1,392 posts
- 15. #ThunderUp N/A
- 16. Caleb Wilson 1,147 posts
- 17. Notre Dame 39K posts
- 18. Braylon Mullins N/A
- 19. #SeanCombsTheReckoning 4,365 posts
- 20. Jaylen Brown 9,695 posts
Something went wrong.
Something went wrong.