#npm-malware tag

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

SANDWORM_MODE supply-chain worm uses malicious npm packages to harvest credentials and crypto keys, propagate via stolen identities, and target AI coding assistants.

Information security

fromThe Hacker News

1 month ago

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

A new, modified Shai Hulud npm malware strain was uploaded via @vietmoney/react-big-calendar, showing obfuscated code and potential worm-like supply-chain propagation.

Information security

fromThe Hacker News

2 months ago

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package named 'lotusbail' functions as a WhatsApp API while stealing authentication tokens, messages, contacts, media, and creating persistent account access.

#software-supply-chain

fromInfoWorld

2 months ago

Information security

Contagious Interview attackers go 'full stack' to fool you

fromThe Hacker News

5 months ago

Information security

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

fromInfoWorld

2 months ago

Information security

Contagious Interview attackers go 'full stack' to fool you

fromThe Hacker News

5 months ago

Information security

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

more#software-supply-chain

Information security

fromThe Hacker News

3 months ago

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Seven npm packages used the Adspect cloaking service to fingerprint visitors and selectively redirect real victims to malicious crypto-themed sites while evading security researchers.

Information security

fromTheregister

4 months ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.

Information security

fromIT Pro

5 months ago

A malicious MCP server is silently stealing user emails

A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.

Information security

fromThe Hacker News

5 months ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.

#npm-malware#npm-malware

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Contagious Interview attackers go 'full stack' to fool you

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Contagious Interview attackers go 'full stack' to fool you

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Fake Postmark MCP npm package stole emails with one-liner

A malicious MCP server is silently stealing user emails

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

#npm-malware
#npm-malware