Secure your dependencies. Ship with confidence.

The code exhibits malicious behavior by sending sensitive system data and project information to external servers without user consent. This poses significant security risks, including potential data theft and privacy violations.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This post-install script is dangerous and likely malicious in a supply-chain context. It unconditionally connects to a local MySQL instance using hard-coded credentials, creates and executes a stored procedure that drops every table in the schema (data destruction), overwrites process argv with fixed installer parameters including an admin password, and then requires an installer script which will run with those arguments. Installing this package can cause data loss and create predictable administrative access. Treat the package as unsafe: do not run composer install/update with this package in any environment containing real data, audit and remove this script, and investigate for further tampering in package contents.

This code poses a serious security risk and should not be used.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The Bebop library poses significant security risks due to its use of `eval` for server-side evaluation of user input, modification of global objects and environment variables, and potential for arbitrary code execution through the `load` and `reload` methods. While the library may be useful for debugging and development purposes, it should be used with caution and only in trusted environments.

The script is performing potentially suspicious actions. It collects a wide array of system information and sends this data to a specific domain. This could lead to a leak of sensitive information which could potentially be used for malicious purposes. It also manipulates the DNS servers which could potentially intercept network traffic. However, without further context or evidence of the domain 'pocbb.com' being associated with malicious activities, it's difficult to definitively label the code as malware.

Live on npm for 6 days, 14 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This module functions as a persistent telemetry beacon that collects host/runtime details using execSync-based system interrogation and exfiltrates them to a hardcoded external webhook every minute. While it performs no obvious destructive actions or credential theft within this snippet, the intentional periodic network reporting of system/environment information to an external endpoint represents a significant privacy/security risk consistent with supply-chain telemetry abuse.

This code is malicious. It systematically harvests cloud and local credentials (EC2 metadata, ECS credentials, Kubernetes service account tokens, environment variables, and common AWS config files), collects system identity information, exfiltrates the data to an external domain via DNS and HTTP, stores a local copy, and attempts to open a reverse shell to a hardcoded attacker IP and port. The presence of direct exec of shell commands, exfiltration to a suspicious domain, and reverse shell attempts are definitive indicators of malware/backdoor functionality. This package should not be used and any systems that ran it should be considered compromised and investigated immediately.

This function contains a high-risk use of pickle.loads on session-derived data with no validation. The primary supply-chain/security concern is arbitrary code execution via deserialization and attacker-controlled parameters used to open DB connections. There is no evidence of explicit malicious payloads in the fragment, but the pattern is dangerous: if an attacker can control session_obj['command_obj'] they can execute code or force connections to attacker-controlled endpoints. Recommend replacing pickle with a safe deserialization format (e.g., JSON) or verifying integrity and allowed types before unpickling, and validating connection parameters.

Live on pypi for 2 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This module implements a remote interactive debugging backdoor: it accepts network connections and exposes an interactive ipdb/pdb session with redirected stdio via a PTY. A connected client can execute arbitrary Python code in the process, access files, environment variables, and perform network/subprocess operations — effectively allowing full compromise of the process and access to sensitive data. In strictly local, developer-controlled contexts bound to loopback this can be a legitimate debugging aid. In any production or untrusted-network context it is a severe security vulnerability and should be removed or strictly protected (e.g., never shipped in production builds, require strong authentication, bind only to localhost, and use TLS).

The code is highly suspicious due to the hard-coded suspicious domain and the base64 encoding of system environment variables, which is then sent over the network. It appears to be a data exfiltration attempt and should not be used.

Live on npm for 47 minutes before removal. Socket users were protected even while the package was live.

This module contains a high-risk persistent code injection/backdoor: it decodes attacker-controlled data from a URL query parameter, stores it in localStorage under a fixed key, and subsequently executes that stored content as JavaScript by creating a Blob-based script. The presence of this behavior constitutes a severe supply-chain and runtime compromise for any site that includes this code. Immediate remediation is recommended (remove the IIFE or replace with audited behavior); treat the module as malicious/persistent remote code execution capability.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

The package's preinstall script automatically exfiltrates the host IP to an external server over HTTPS. This is suspicious and poses a significant privacy and security risk. Treat this as malicious telemetry/exfiltration unless you can verify and trust the maintainer and the webhook endpoint.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This assembly implements a networked client that fingerprints the host (via WMI), sends the fingerprint to a remote server, maintains periodic heartbeats, supports file upload/download, and processes remote ‘admin’ commands that can kill processes and manipulate files in %AppData%. The heavy obfuscation, runtime string decryption, hardcoded defaults for remote IP/port and lack of visible authentication indicate likely covert remote control/backdoor capabilities. Treat this module as malicious/untrusted in supply-chain contexts unless provenance and intended remote-control functionality are explicitly documented and authorized.

The codebase largely resembles a legitimate Three.js-like renderer with standard GL shader and material management. However, the presence of an obfuscated eval-based payload activated by environment checks constitutes a serious backdoor risk in the supply chain. This requires immediate audit, source verification, and likely replacement with a trusted version. Absent a clear, benign rationale for the obfuscation, treat as a security risk and avoid deployment until vetted.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

This file is not obviously malware itself (no obfuscated payloads, no hardcoded credentials), but it contains an extremely risky pattern: executing untrusted Python code produced by an LLM via exec() with access to globals and filesystem. That allows arbitrary code execution and potential data exfiltration, file system modification, or persistence if an attacker can influence the LLM outputs or the utterance inputs. Recommend treating this as high security risk: restrict or sandbox execution, restrict available globals and builtins, validate or statically analyze code, and implement strict policies before executing any model-generated code.

Live on pypi for 10 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This module is highly consistent with malicious credential/session harvesting. It locates the user’s Chrome/Chromium cookie database on macOS, copies it to a temporary file, retrieves the Chrome Safe Storage password from the Keychain via `execSync`, decrypts macOS-encrypted cookie values, extracts access/refresh/CSRF token cookies for a chosen domain, and returns those tokens to the caller for potential unauthorized authentication/session replay. No obfuscation is evident in this snippet; the primary risk is secret/token theft and downstream account compromise.

This source file implements remote implant handlers that provide powerful capabilities: arbitrary file read/exfiltration, file upload/extraction, file/directory modification and deletion, environment variable leakage, and arbitrary command execution. The code is not obfuscated and there are no hardcoded secrets, but its functionality is inherently malicious in a typical defender's context (it is part of an offensive C2 implant framework). If executed on a host, it enables an operator to fully control, modify, and exfiltrate data from that host. Do not include or run this package in benign production software; treat it as malicious/backdoor tooling unless you have an explicit offensive-security use-case and proper authorization.

This function is malicious or at minimum extremely risky: it asks for a private key, signs an on-chain authorization that sends tokens to a hard-coded recipient, and transmits that signature and metadata to a remote relayer service. That combination enables immediate unauthorized transfer of tokens from the caller's wallet to the attacker's address. Do not provide real private keys to this function or use this package. The behavior strongly resembles a funds siphoning backdoor.

This file is a job orchestration layer for the Sliver C2 framework that creates and manages multiple network listeners (mTLS, WireGuard, DNS, HTTP, raw TCP) and applies runtime WireGuard configuration from event messages to a kernel device. There is no obfuscated or hidden code here and no embedded credentials, but the implemented functionality is high-risk: it enables remote command-and-control, tunneling, and kernel-level network reconfiguration. Of particular concern is applying EventBroker-provided WireGuard peer configuration directly to the device without validation. Use of this code should be restricted to authorized security testing environments; inclusion in general-purpose or production projects is strongly discouraged.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits malicious behavior by sending sensitive system data and project information to external servers without user consent. This poses significant security risks, including potential data theft and privacy violations.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This post-install script is dangerous and likely malicious in a supply-chain context. It unconditionally connects to a local MySQL instance using hard-coded credentials, creates and executes a stored procedure that drops every table in the schema (data destruction), overwrites process argv with fixed installer parameters including an admin password, and then requires an installer script which will run with those arguments. Installing this package can cause data loss and create predictable administrative access. Treat the package as unsafe: do not run composer install/update with this package in any environment containing real data, audit and remove this script, and investigate for further tampering in package contents.

This code poses a serious security risk and should not be used.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The Bebop library poses significant security risks due to its use of `eval` for server-side evaluation of user input, modification of global objects and environment variables, and potential for arbitrary code execution through the `load` and `reload` methods. While the library may be useful for debugging and development purposes, it should be used with caution and only in trusted environments.

The script is performing potentially suspicious actions. It collects a wide array of system information and sends this data to a specific domain. This could lead to a leak of sensitive information which could potentially be used for malicious purposes. It also manipulates the DNS servers which could potentially intercept network traffic. However, without further context or evidence of the domain 'pocbb.com' being associated with malicious activities, it's difficult to definitively label the code as malware.

Live on npm for 6 days, 14 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This module functions as a persistent telemetry beacon that collects host/runtime details using execSync-based system interrogation and exfiltrates them to a hardcoded external webhook every minute. While it performs no obvious destructive actions or credential theft within this snippet, the intentional periodic network reporting of system/environment information to an external endpoint represents a significant privacy/security risk consistent with supply-chain telemetry abuse.

This code is malicious. It systematically harvests cloud and local credentials (EC2 metadata, ECS credentials, Kubernetes service account tokens, environment variables, and common AWS config files), collects system identity information, exfiltrates the data to an external domain via DNS and HTTP, stores a local copy, and attempts to open a reverse shell to a hardcoded attacker IP and port. The presence of direct exec of shell commands, exfiltration to a suspicious domain, and reverse shell attempts are definitive indicators of malware/backdoor functionality. This package should not be used and any systems that ran it should be considered compromised and investigated immediately.

This function contains a high-risk use of pickle.loads on session-derived data with no validation. The primary supply-chain/security concern is arbitrary code execution via deserialization and attacker-controlled parameters used to open DB connections. There is no evidence of explicit malicious payloads in the fragment, but the pattern is dangerous: if an attacker can control session_obj['command_obj'] they can execute code or force connections to attacker-controlled endpoints. Recommend replacing pickle with a safe deserialization format (e.g., JSON) or verifying integrity and allowed types before unpickling, and validating connection parameters.

Live on pypi for 2 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This module implements a remote interactive debugging backdoor: it accepts network connections and exposes an interactive ipdb/pdb session with redirected stdio via a PTY. A connected client can execute arbitrary Python code in the process, access files, environment variables, and perform network/subprocess operations — effectively allowing full compromise of the process and access to sensitive data. In strictly local, developer-controlled contexts bound to loopback this can be a legitimate debugging aid. In any production or untrusted-network context it is a severe security vulnerability and should be removed or strictly protected (e.g., never shipped in production builds, require strong authentication, bind only to localhost, and use TLS).

The code is highly suspicious due to the hard-coded suspicious domain and the base64 encoding of system environment variables, which is then sent over the network. It appears to be a data exfiltration attempt and should not be used.

Live on npm for 47 minutes before removal. Socket users were protected even while the package was live.

This module contains a high-risk persistent code injection/backdoor: it decodes attacker-controlled data from a URL query parameter, stores it in localStorage under a fixed key, and subsequently executes that stored content as JavaScript by creating a Blob-based script. The presence of this behavior constitutes a severe supply-chain and runtime compromise for any site that includes this code. Immediate remediation is recommended (remove the IIFE or replace with audited behavior); treat the module as malicious/persistent remote code execution capability.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

The package's preinstall script automatically exfiltrates the host IP to an external server over HTTPS. This is suspicious and poses a significant privacy and security risk. Treat this as malicious telemetry/exfiltration unless you can verify and trust the maintainer and the webhook endpoint.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This assembly implements a networked client that fingerprints the host (via WMI), sends the fingerprint to a remote server, maintains periodic heartbeats, supports file upload/download, and processes remote ‘admin’ commands that can kill processes and manipulate files in %AppData%. The heavy obfuscation, runtime string decryption, hardcoded defaults for remote IP/port and lack of visible authentication indicate likely covert remote control/backdoor capabilities. Treat this module as malicious/untrusted in supply-chain contexts unless provenance and intended remote-control functionality are explicitly documented and authorized.

The codebase largely resembles a legitimate Three.js-like renderer with standard GL shader and material management. However, the presence of an obfuscated eval-based payload activated by environment checks constitutes a serious backdoor risk in the supply chain. This requires immediate audit, source verification, and likely replacement with a trusted version. Absent a clear, benign rationale for the obfuscation, treat as a security risk and avoid deployment until vetted.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

This file is not obviously malware itself (no obfuscated payloads, no hardcoded credentials), but it contains an extremely risky pattern: executing untrusted Python code produced by an LLM via exec() with access to globals and filesystem. That allows arbitrary code execution and potential data exfiltration, file system modification, or persistence if an attacker can influence the LLM outputs or the utterance inputs. Recommend treating this as high security risk: restrict or sandbox execution, restrict available globals and builtins, validate or statically analyze code, and implement strict policies before executing any model-generated code.

Live on pypi for 10 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This module is highly consistent with malicious credential/session harvesting. It locates the user’s Chrome/Chromium cookie database on macOS, copies it to a temporary file, retrieves the Chrome Safe Storage password from the Keychain via `execSync`, decrypts macOS-encrypted cookie values, extracts access/refresh/CSRF token cookies for a chosen domain, and returns those tokens to the caller for potential unauthorized authentication/session replay. No obfuscation is evident in this snippet; the primary risk is secret/token theft and downstream account compromise.

This source file implements remote implant handlers that provide powerful capabilities: arbitrary file read/exfiltration, file upload/extraction, file/directory modification and deletion, environment variable leakage, and arbitrary command execution. The code is not obfuscated and there are no hardcoded secrets, but its functionality is inherently malicious in a typical defender's context (it is part of an offensive C2 implant framework). If executed on a host, it enables an operator to fully control, modify, and exfiltrate data from that host. Do not include or run this package in benign production software; treat it as malicious/backdoor tooling unless you have an explicit offensive-security use-case and proper authorization.

This function is malicious or at minimum extremely risky: it asks for a private key, signs an on-chain authorization that sends tokens to a hard-coded recipient, and transmits that signature and metadata to a remote relayer service. That combination enables immediate unauthorized transfer of tokens from the caller's wallet to the attacker's address. Do not provide real private keys to this function or use this package. The behavior strongly resembles a funds siphoning backdoor.

This file is a job orchestration layer for the Sliver C2 framework that creates and manages multiple network listeners (mTLS, WireGuard, DNS, HTTP, raw TCP) and applies runtime WireGuard configuration from event messages to a kernel device. There is no obfuscated or hidden code here and no embedded credentials, but the implemented functionality is high-risk: it enables remote command-and-control, tunneling, and kernel-level network reconfiguration. Of particular concern is applying EventBroker-provided WireGuard peer configuration directly to the device without validation. Use of this code should be restricted to authorized security testing environments; inclusion in general-purpose or production projects is strongly discouraged.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.