Secure your dependencies. Ship with confidence.

The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.

Critical vulnerability: eval(self.data) on untrusted websocket input enables remote code execution. Even if subsequent 'path'/'key' checks fail, arbitrary code in the payload will have executed. Combined with invoking route handlers with attacker-controlled config and returning handler outputs to clients, this code poses a high security risk and should not be used in production. Immediate remediation: replace eval with a safe parser (e.g., json.loads) or ast.literal_eval if only literals are expected; perform input validation before any execution; never execute untrusted strings; use least-privilege runtime and sandboxing for handler execution; bind issued keys to client context and add proper error/edge-case handling (e.g., remove -> discard no-ops).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This file implements mutual TLS networking for the Sliver C2 framework. It does not contain obvious obfuscation, hidden credential harvesting, or direct exfiltration code in this fragment, but it is part of an explicit command-and-control system. Notable issues: unbounded message-length handling (DoS risk), fragile Read/error handling, and a potential for deadlocks when routing responses. If your threat model forbids C2 functionality, this package is inappropriate. If evaluating for secure coding, fix input-length validation and use io.ReadFull or similar, handle errors robustly, and add bounds checks on message size.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This module is not overtly malicious (no backdoor, network exfiltration, or obfuscated payload). However it contains a significant security risk: direct use of pickle.loads on data read from Redis, which can lead to arbitrary code execution if Redis content can be influenced by an attacker. Treat this as a serious security concern and avoid untrusted pickle deserialization.

Live on PyPI for 52 minutes before removal. Socket users were protected even while the package was live.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

The script sends potentially sensitive information (hostname and user ID) to an external server, which poses a significant security risk.

Live on npm for 14 days and 21 minutes before removal. Socket users were protected even while the package was live.

This module is not explicitly obfuscated or directly embedding malware, but it presents a high-risk pattern: it executes AI-generated shell commands with shell=True and no safety enforcement. The imported safety check (is_command_safe) is not used. That design allows arbitrary command execution, privilege escalation suggestions, and automated retries — all of which could be abused to run destructive or exfiltrative operations. Fixes should include enforcing command safety checks, prompting the user for explicit approval before executing AI-generated commands, avoiding shell=True where possible, limiting retries, and validating the API key usage bug. Treat this package as high-risk for runtime command execution until mitigations are added.

Live on PyPI for 10 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This code implements explicit ARP poisoning / gratuitous ARP and enables IP forwarding — behavior that creates a Man-in-the-Middle capability. It is malicious or at least offensive by design (not a benign diagnostic helper). If executed by an authorized user in a controlled test environment, it could be used for legitimate network testing; otherwise, running it on production or unauthorized networks is malicious and illegal in many jurisdictions. There is no obfuscation or external C2; the primary risk is active network manipulation and persistent kernel state change (ip_forward). Recommend treating the package as high-risk and restricting its use to authorized security testing environments only.

The code downloads and executes an external script from an external URL and passes sensitive inputs (authToken, githubToken, repository/branch data) directly into the remote script invocation. This creates a high-risk remote code execution pathway with potential data leakage and no integrity validation. For safer operation, eliminate remote script execution, or implement verifiable, signed assets, sandboxing, and strict input sanitization. Use actions with minimal permissions and avoid exposing tokens in process arguments or logs.

The script is highly suspicious and likely malicious due to its data collection and transmission behavior. It is recommended not to use this script or the package it is part of without a thorough investigation and/or proper mitigation measures.

Live on npm for 21 days, 3 hours and 8 minutes before removal. Socket users were protected even while the package was live.

This module constructs an HTTP Basic Authorization header from provided credentials and sends those credentials and other provided strings to a hard-coded, suspicious remote endpoint over plaintext HTTP using a non-standard 'cPython' networking helper. Behavior is consistent with credential exfiltration or unwanted telemetry/backdoor activity. Treat this code as malicious or highly privacy-invasive. Investigate or remove the 'cPython' dependency and block the remote host; do not use in trusted environments.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

The code is obfuscated and performs actions consistent with data exfiltration by sending encoded system information to a suspicious domain via DNS lookup. This behavior is indicative of malicious intent.

This function exhibits clear intent to exfiltrate a supplied private key to a hardcoded remote endpoint and to accept remote control via a 'switcher' endpoint. Even though the payload construction contains bugs (set literal and misspelled key) that may break or alter the transmitted data, the behavior is strongly malicious or privacy-invasive. Do not run this code with real secrets; remove or isolate it and consider it high-risk.

Live on PyPI for 8 hours and 42 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by downloading and executing an executable from a remote server without proper verification, potentially leading to unauthorized remote access, cryptojacking, or other malicious activities. The high confidence, malware, and security risk scores are justified based on the identified behavior in the code.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 6 days, 12 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The script is designed to send sensitive information about the system to an external server, which is a clear indication of malicious behavior.

Live on npm for 22 days, 21 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The script collects package information, directory path, home directory, hostname, username, DNS servers, and package-related data and sends it to a remote server.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.

Critical vulnerability: eval(self.data) on untrusted websocket input enables remote code execution. Even if subsequent 'path'/'key' checks fail, arbitrary code in the payload will have executed. Combined with invoking route handlers with attacker-controlled config and returning handler outputs to clients, this code poses a high security risk and should not be used in production. Immediate remediation: replace eval with a safe parser (e.g., json.loads) or ast.literal_eval if only literals are expected; perform input validation before any execution; never execute untrusted strings; use least-privilege runtime and sandboxing for handler execution; bind issued keys to client context and add proper error/edge-case handling (e.g., remove -> discard no-ops).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This file implements mutual TLS networking for the Sliver C2 framework. It does not contain obvious obfuscation, hidden credential harvesting, or direct exfiltration code in this fragment, but it is part of an explicit command-and-control system. Notable issues: unbounded message-length handling (DoS risk), fragile Read/error handling, and a potential for deadlocks when routing responses. If your threat model forbids C2 functionality, this package is inappropriate. If evaluating for secure coding, fix input-length validation and use io.ReadFull or similar, handle errors robustly, and add bounds checks on message size.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This module is not overtly malicious (no backdoor, network exfiltration, or obfuscated payload). However it contains a significant security risk: direct use of pickle.loads on data read from Redis, which can lead to arbitrary code execution if Redis content can be influenced by an attacker. Treat this as a serious security concern and avoid untrusted pickle deserialization.

Live on PyPI for 52 minutes before removal. Socket users were protected even while the package was live.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

The script sends potentially sensitive information (hostname and user ID) to an external server, which poses a significant security risk.

Live on npm for 14 days and 21 minutes before removal. Socket users were protected even while the package was live.

This module is not explicitly obfuscated or directly embedding malware, but it presents a high-risk pattern: it executes AI-generated shell commands with shell=True and no safety enforcement. The imported safety check (is_command_safe) is not used. That design allows arbitrary command execution, privilege escalation suggestions, and automated retries — all of which could be abused to run destructive or exfiltrative operations. Fixes should include enforcing command safety checks, prompting the user for explicit approval before executing AI-generated commands, avoiding shell=True where possible, limiting retries, and validating the API key usage bug. Treat this package as high-risk for runtime command execution until mitigations are added.

Live on PyPI for 10 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This code implements explicit ARP poisoning / gratuitous ARP and enables IP forwarding — behavior that creates a Man-in-the-Middle capability. It is malicious or at least offensive by design (not a benign diagnostic helper). If executed by an authorized user in a controlled test environment, it could be used for legitimate network testing; otherwise, running it on production or unauthorized networks is malicious and illegal in many jurisdictions. There is no obfuscation or external C2; the primary risk is active network manipulation and persistent kernel state change (ip_forward). Recommend treating the package as high-risk and restricting its use to authorized security testing environments only.

The code downloads and executes an external script from an external URL and passes sensitive inputs (authToken, githubToken, repository/branch data) directly into the remote script invocation. This creates a high-risk remote code execution pathway with potential data leakage and no integrity validation. For safer operation, eliminate remote script execution, or implement verifiable, signed assets, sandboxing, and strict input sanitization. Use actions with minimal permissions and avoid exposing tokens in process arguments or logs.

The script is highly suspicious and likely malicious due to its data collection and transmission behavior. It is recommended not to use this script or the package it is part of without a thorough investigation and/or proper mitigation measures.

Live on npm for 21 days, 3 hours and 8 minutes before removal. Socket users were protected even while the package was live.

This module constructs an HTTP Basic Authorization header from provided credentials and sends those credentials and other provided strings to a hard-coded, suspicious remote endpoint over plaintext HTTP using a non-standard 'cPython' networking helper. Behavior is consistent with credential exfiltration or unwanted telemetry/backdoor activity. Treat this code as malicious or highly privacy-invasive. Investigate or remove the 'cPython' dependency and block the remote host; do not use in trusted environments.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

The code is obfuscated and performs actions consistent with data exfiltration by sending encoded system information to a suspicious domain via DNS lookup. This behavior is indicative of malicious intent.

This function exhibits clear intent to exfiltrate a supplied private key to a hardcoded remote endpoint and to accept remote control via a 'switcher' endpoint. Even though the payload construction contains bugs (set literal and misspelled key) that may break or alter the transmitted data, the behavior is strongly malicious or privacy-invasive. Do not run this code with real secrets; remove or isolate it and consider it high-risk.

Live on PyPI for 8 hours and 42 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by downloading and executing an executable from a remote server without proper verification, potentially leading to unauthorized remote access, cryptojacking, or other malicious activities. The high confidence, malware, and security risk scores are justified based on the identified behavior in the code.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 6 days, 12 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The script is designed to send sensitive information about the system to an external server, which is a clear indication of malicious behavior.

Live on npm for 22 days, 21 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The script collects package information, directory path, home directory, hostname, username, DNS servers, and package-related data and sends it to a remote server.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.