npm malware
@npm_malware
📣 We tweet malicious packages detected on npm in real-time. 🚨 Not affiliated with @npmjs or @github. 🛡 Powered by the @SocketSecurity threat feed. ✨
⚠️ New threat detected: [email protected] ⚠️ This module reaches out at startup to two hardcoded endpoints (https://api[.]npoint[.]io/45ae4382694fffe31eed and https://json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML), fetches a JSON pa... socket.dev/npm/package/vi…
⚠️ New threat detected: [email protected] ⚠️ The source code implements a malicious backdoor that stealthily collects and exfiltrates system information, including hostname, home directory, current path, public IP, and package name, to a hardcod... socket.dev/npm/package/ar…
⚠️ New threat detected: [email protected] ⚠️ This code implements a sophisticated data exfiltration operation targeting Facebook user data and chat information. It collects detailed personal information including names, locations, relationships, ... socket.dev/npm/package/fc…
⚠️ New threat detected: @aleshakovalev841/[email protected] ⚠️ This file reads a Telegram bot token from the environment (via dotenv), instantiates a bot that polls the Telegram API at api[.]telegram[.]org, and exports a function that sends any provided s... socket.dev/npm/package/@a…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that ... socket.dev/npm/package/we…
⚠️ New threat detected: [email protected] ⚠️ This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that s... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ The code exhibits malicious behavior by exfiltrating environment data to an external server. It uses obfuscation techniques to hide its intent, indicating a high security risk. socket.dev/npm/package/ut…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that server. T... socket.dev/npm/package/re…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that server. T... socket.dev/npm/package/re…
⚠️ New threat detected: [email protected] ⚠️ This file includes heavily obfuscated logic that collects and base64-encodes environment variables, then posts them to example[.]com. It uses string slicing and reversal to mask its network behavior ... socket.dev/npm/package/ut…
⚠️ New threat detected: [email protected] ⚠️ This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video meta... socket.dev/npm/package/cl…
⚠️ New threat detected: [email protected] ⚠️ This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that ... socket.dev/npm/package/is…
⚠️ New threat detected: [email protected] ⚠️ This module reaches out at startup to two hardcoded endpoints (https://api[.]npoint[.]io/45ae4382694fffe31eed and https://json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML), fetches a JSON pa... socket.dev/npm/package/vi…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that s... socket.dev/npm/package/vi…
⚠️ New threat detected: [email protected] ⚠️ The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that ... socket.dev/npm/package/we…
⚠️ New threat detected: [email protected] ⚠️ This source code is malicious and designed to stealthily exfiltrate sensitive system information and environment variables via DNS queries to an attacker-controlled domain. It employs evasion techniques... socket.dev/npm/package/te…
⚠️ New threat detected: [email protected] ⚠️ This file silently gathers environment and package metadata—including __dirname (current directory), os.homedir() (user home directory), os.hostname(), os.userInfo().username, dns.getServers(), and t... socket.dev/npm/package/te…
⚠️ New threat detected: [email protected] ⚠️ Attributed by the Socket Threat Research Team to North Korea’s “Contagious Interview” operation, this package is a multi-stage Node.js infostealer/loader that executes immediately on install, steals br... socket.dev/npm/package/er…
⚠️ New threat detected: [email protected] ⚠️ Attributed by the Socket Threat Research Team to North Korea’s **“Contagious Interview”** operation, this package is a **multi-stage Node.js infostealer/loader** that executes immediately on install,... socket.dev/npm/package/re…
⚠️ New threat detected: [email protected] ⚠️ This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information in... socket.dev/npm/package/es…
United States Trends
- 1. Good Wednesday 28.6K posts
- 2. #wednesdaymotivation 6,324 posts
- 3. #LoveYourW2025 210K posts
- 4. Jay Jones 57.6K posts
- 5. Hump Day 12.7K posts
- 6. Markey 1,146 posts
- 7. #VxWKOREA 54.1K posts
- 8. Moulton N/A
- 9. #GenV 4,562 posts
- 10. And the Word 76K posts
- 11. St. Teresa of Avila 2,378 posts
- 12. #15Oct 4,316 posts
- 13. Young Republicans 102K posts
- 14. Raila Odinga 190K posts
- 15. Voting Rights Act 7,461 posts
- 16. Happy Hump 7,817 posts
- 17. Tami 5,293 posts
- 18. HSBC 1,796 posts
- 19. Hobi 37.1K posts
- 20. Lonzo 3,734 posts
Something went wrong.
Something went wrong.