Secure your dependencies. Ship with confidence.

The threat is a VS Code extension (qqq.js) that uses Chrome DevTools Protocol to automate a Chromium instance, harvests session cookies and related headers via Network.getCookies and document.cookie, and reuses these credentials in subsequent download requests. It also auto-downloads and executes external binaries and components from various sources, with ancillary clipboard access and interop code, creating multiple attack surfaces including supply-chain risk and potential data leakage. Overall, it represents a credential-stealing and exfiltration risk tied to a browser automation workflow and external binary usage.

Live on openvsx for 28 days, 12 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 5 hours and 53 minutes before removal. Socket users were protected even while the package was live.

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

This module implements a bidirectional bridge between network sockets and a local process, enabling interactive remote control (remote shell) when exec is provided. It is high-risk: subprocess creation uses shell=True and network input is forwarded directly to subprocess stdin with no authentication, authorization, encryption, or sanitization. In a trusted, well-controlled environment (local-only testing, isolated VM) it can be useful; in general production or untrusted-network deployments it should be considered dangerous and not used without adding robust authentication, encryption (TLS), input validation, and avoiding shell=True (use list args). Recommendation: do not run exposed to untrusted networks; change subprocess invocation to avoid shell=True, add authentication and TLS, and restrict/validate exec strings and network sources.

Live on pypi for 2 hours before removal. Socket users were protected even while the package was live.

This module contains risky behavior consistent with a supply-chain/security misconfiguration rather than explicit malicious code. The most serious issue is a hardcoded API key embedded in source and use of an SDK client to fetch remote data which is then written into the package filesystem. The subprocess calls to read git user.name/email add further privacy risk. There is no explicit code that exfiltrates or executes arbitrary code, but the secret in source and file-write side-effects make this package unsuitable for use until credentials are removed and behavior is made explicit and secure.

Live on pypi for 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This file implements a malicious network flood and local-file transmission tool. It will create massive concurrent outbound TCP connections and stream a local file to the configured target — actions consistent with denial-of-service and data-exfiltration malware. The code is not obfuscated but is intentionally destructive/abusive. Do not run this code. Investigate any instances where this file appears in repositories or systems and treat as malicious/artifact of abuse. The script also contains a syntax error that may prevent execution as provided.

This dependency fragment is a high-capability in-process instrumentation and runtime manipulation toolkit. It can dynamically generate executable wrappers (eval), compile native code (CModule), patch executable memory (Memory.protect/patchCode) and rewrite execution entrypoints/trampolines, replace Objective-C/ART/Dalvik methods, and enable JDWP debugging/control via socketpair handshake. While it may be dual-use (debugging), its active tampering + code execution capabilities make it strongly dangerous in a supply-chain context and consistent with malware-like sabotage/backdoor behavior potential if misused by consumers or an attacker.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module contains a high-severity supply-chain/asset execution risk: it dynamically executes loader-provided JavaScript content using eval() to instantiate a NeutrinoEffect, then uses the resulting effect to control subsequent texture loading and rendering behavior. If resource.data is attacker-influenced (compromised asset, tampered CDN/package, or malicious effect resource), this provides arbitrary code execution in the application context. Rendering/buffer code is largely non-suspicious aside from consuming attacker-controlled outputs.

The code exhibits malicious behavior consistent with ransomware, including unauthorized file encryption and suspicious network communication. The legitimate error handling functionality is likely being used as a cover for the ransomware components. Immediate action is required to address the threat posed by this code.

Live on npm for 2 hours and 46 minutes before removal. Socket users were protected even while the package was live.

The package will automatically run index.js during installation via the postinstall hook. This is a high-risk behavior because it grants the package arbitrary code execution on the host at install time. The package metadata (description 'Hijack', odd repository field) increases suspicion. Inspect the contents of index.js before installing or avoid installing this package from untrusted sources.

The code exhibits characteristics of potentially malicious behavior, including DNS resolution to suspicious domains and execution of obfuscated commands. The use of obfuscation suggests an attempt to conceal its true intent, which could be harmful. The risk and malware scores are high due to these factors.

Live on npm for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code fragment is overwhelmingly indicative of an offensive Grav CMS exploit/PoC. It automates authenticated admin interaction, creates a new page, harvests nonce tokens from HTML, and submits attacker-controlled content intended to trigger SSTI/RCE and command execution. The only notable uncertainty is that the payload literal is missing/incomplete in the provided fragment, but the injection chain and explicit exploitation messaging remain strong indicators of malicious intent.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

The code exhibits clear signs of malicious behavior by collecting and sending detailed system information to a remote server without user consent. The use of a detached child process suggests an attempt to maintain persistence. This poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

This module is high risk. It deliberately conceals executable code in an embedded compressed Base64 blob and executes it immediately on import via exec(). That pattern grants the payload full program privileges with no visibility or integrity checks, and is frequently used for malicious supply-chain implants. If you cannot fully decode and audit the inner payload, treat this package as untrusted and remove or isolate it. If permitted, decode and inspect (or run in a tightly controlled sandbox) the decompressed source to determine intent before allowing use in production.

The code executes system commands and sends their output to a suspicious remote server, indicating potential malicious behavior. The code is not obfuscated, but it poses a high security risk due to the nature of the actions performed.

Live on npm for 13 hours and 32 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The threat is a VS Code extension (qqq.js) that uses Chrome DevTools Protocol to automate a Chromium instance, harvests session cookies and related headers via Network.getCookies and document.cookie, and reuses these credentials in subsequent download requests. It also auto-downloads and executes external binaries and components from various sources, with ancillary clipboard access and interop code, creating multiple attack surfaces including supply-chain risk and potential data leakage. Overall, it represents a credential-stealing and exfiltration risk tied to a browser automation workflow and external binary usage.

Live on openvsx for 28 days, 12 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 5 hours and 53 minutes before removal. Socket users were protected even while the package was live.

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

This module implements a bidirectional bridge between network sockets and a local process, enabling interactive remote control (remote shell) when exec is provided. It is high-risk: subprocess creation uses shell=True and network input is forwarded directly to subprocess stdin with no authentication, authorization, encryption, or sanitization. In a trusted, well-controlled environment (local-only testing, isolated VM) it can be useful; in general production or untrusted-network deployments it should be considered dangerous and not used without adding robust authentication, encryption (TLS), input validation, and avoiding shell=True (use list args). Recommendation: do not run exposed to untrusted networks; change subprocess invocation to avoid shell=True, add authentication and TLS, and restrict/validate exec strings and network sources.

Live on pypi for 2 hours before removal. Socket users were protected even while the package was live.

This module contains risky behavior consistent with a supply-chain/security misconfiguration rather than explicit malicious code. The most serious issue is a hardcoded API key embedded in source and use of an SDK client to fetch remote data which is then written into the package filesystem. The subprocess calls to read git user.name/email add further privacy risk. There is no explicit code that exfiltrates or executes arbitrary code, but the secret in source and file-write side-effects make this package unsuitable for use until credentials are removed and behavior is made explicit and secure.

Live on pypi for 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This file implements a malicious network flood and local-file transmission tool. It will create massive concurrent outbound TCP connections and stream a local file to the configured target — actions consistent with denial-of-service and data-exfiltration malware. The code is not obfuscated but is intentionally destructive/abusive. Do not run this code. Investigate any instances where this file appears in repositories or systems and treat as malicious/artifact of abuse. The script also contains a syntax error that may prevent execution as provided.

This dependency fragment is a high-capability in-process instrumentation and runtime manipulation toolkit. It can dynamically generate executable wrappers (eval), compile native code (CModule), patch executable memory (Memory.protect/patchCode) and rewrite execution entrypoints/trampolines, replace Objective-C/ART/Dalvik methods, and enable JDWP debugging/control via socketpair handshake. While it may be dual-use (debugging), its active tampering + code execution capabilities make it strongly dangerous in a supply-chain context and consistent with malware-like sabotage/backdoor behavior potential if misused by consumers or an attacker.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module contains a high-severity supply-chain/asset execution risk: it dynamically executes loader-provided JavaScript content using eval() to instantiate a NeutrinoEffect, then uses the resulting effect to control subsequent texture loading and rendering behavior. If resource.data is attacker-influenced (compromised asset, tampered CDN/package, or malicious effect resource), this provides arbitrary code execution in the application context. Rendering/buffer code is largely non-suspicious aside from consuming attacker-controlled outputs.

The code exhibits malicious behavior consistent with ransomware, including unauthorized file encryption and suspicious network communication. The legitimate error handling functionality is likely being used as a cover for the ransomware components. Immediate action is required to address the threat posed by this code.

Live on npm for 2 hours and 46 minutes before removal. Socket users were protected even while the package was live.

The package will automatically run index.js during installation via the postinstall hook. This is a high-risk behavior because it grants the package arbitrary code execution on the host at install time. The package metadata (description 'Hijack', odd repository field) increases suspicion. Inspect the contents of index.js before installing or avoid installing this package from untrusted sources.

The code exhibits characteristics of potentially malicious behavior, including DNS resolution to suspicious domains and execution of obfuscated commands. The use of obfuscation suggests an attempt to conceal its true intent, which could be harmful. The risk and malware scores are high due to these factors.

Live on npm for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code fragment is overwhelmingly indicative of an offensive Grav CMS exploit/PoC. It automates authenticated admin interaction, creates a new page, harvests nonce tokens from HTML, and submits attacker-controlled content intended to trigger SSTI/RCE and command execution. The only notable uncertainty is that the payload literal is missing/incomplete in the provided fragment, but the injection chain and explicit exploitation messaging remain strong indicators of malicious intent.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

The code exhibits clear signs of malicious behavior by collecting and sending detailed system information to a remote server without user consent. The use of a detached child process suggests an attempt to maintain persistence. This poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

This module is high risk. It deliberately conceals executable code in an embedded compressed Base64 blob and executes it immediately on import via exec(). That pattern grants the payload full program privileges with no visibility or integrity checks, and is frequently used for malicious supply-chain implants. If you cannot fully decode and audit the inner payload, treat this package as untrusted and remove or isolate it. If permitted, decode and inspect (or run in a tightly controlled sandbox) the decompressed source to determine intent before allowing use in production.

The code executes system commands and sends their output to a suspicious remote server, indicating potential malicious behavior. The code is not obfuscated, but it poses a high security risk due to the nature of the actions performed.

Live on npm for 13 hours and 32 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.