#npm-malware

Information security
from The Register
1 day ago

Cache-poisoning caper turns TanStack npm packages toxic

Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.
from The Hacker News
2 months ago

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

"The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting," the company said. The packages, published to npm by two npm publisher aliases, official334 and javaorg, are listed below - Also identified are four sleeper packages that do not incorporate any malicious features -
Information security
from The Hacker News
4 months ago

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

A new, modified Shai-Hulud npm malware strain was uploaded via @vietmoney/react-big-calendar, showing obfuscated code and potential worm-like supply-chain propagation.
Information security
from The Hacker News
4 months ago

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package named 'lotusbail' functions as a WhatsApp API while stealing authentication tokens, messages, contacts, media, and creating persistent account access.
#software-supply-chain
Information security
from The Hacker News
5 months ago

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Seven npm packages used the Adspect cloaking service to fingerprint visitors and selectively redirect real victims to malicious crypto-themed sites while evading security researchers.
Information security
from The Register
7 months ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.
Information security
from IT Pro
7 months ago

A malicious MCP server is silently stealing user emails

A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.
Information security
from The Hacker News
8 months ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.