Secure your dependencies. Ship with confidence.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

The migration tool exhibits legitimate migration behaviors but contains a pronounced backdoor-like pattern in selfHidingFile, wrapped with license gating and __HALT_COMPILER usage. This creates a dangerous supply-chain and runtime risk: if artifacts are deployed, an attacker could leverage the HALT payload to read or serve files, or otherwise exfiltrate data. Recommend removing selfHidingFile, isolating license logic, auditing all remote file fetches, and enforcing strict provenance controls before adoption.

This file implements a sophisticated malware dropper with multiple execution vectors and evasion techniques. The code contains functions that read arbitrary executables, base64-encode them, and embed them into multi-layered PowerShell payloads designed to bypass antivirus detection. The malware attempts in-memory .NET assembly loading via System.Reflection.Assembly.Load() and EntryPoint.Invoke(), with fallbacks to write executables to temp directories (system_update.exe, system32_update.exe) and execute them with hidden windows. It downloads additional Python payloads from hardcoded remote URLs (google[.]flicxd2[.]com/dell/DELL_GLOBAL_TOUCH_MONITOR_A00-00_F1[.]py), implements 10 different execution methods with timed delays to evade behavioral analysis, and includes comprehensive anti-forensic capabilities (Clear-RecycleBin, aggressive temp file cleanup, trace removal). The malware also incorporates selenium-stealth techniques to mask automated browser traffic and bypass web-based detection systems. All operations suppress error messages and use hidden execution contexts to avoid detection. This represents a fully-featured malware delivery system with dropper, backdoor, and persistence capabilities.

package.json defines malicious lifecycle hooks. The “preinstall” hook runs “node preinstall.js”, allowing arbitrary JavaScript execution. The “postinstall” hook echoes “[HOOK] postinstall: contents of exfil.txt” and then runs “cat exfil.txt”, reading and displaying any sensitive data stored in that file. This behavior demonstrates a clear risk of unauthorized code execution and data disclosure during installation.

Live on npm for 55 days, 20 hours and 17 minutes before removal. Socket users were protected even while the package was live.

The setup.py file itself is not malicious code, but it declares an application explicitly designed to collect extensive system data and transmit it via Telegram. The listed dependencies provide capabilities commonly used for invasive data collection (clipboard, screenshots, system/process interrogation, Windows APIs). Without the runtime source code, we cannot definitively label the package as malware, but the intent and capabilities indicate a significant security risk that warrants careful review of xbait.main and any networking code before installation or execution.

Live on pypi for 10 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This module is functionally a remote code execution backdoor: it accepts arbitrary Python code over a TCP connection and executes it in-process, returning stdout/stderr (including tracebacks) to the caller. It presents a high security risk — an attacker with network access can run arbitrary commands with the host process's privileges, read/write files, perform network exfiltration, and establish persistence. Do not run this code on any machine with sensitive data or network access. Remove or restrict it, require strong authentication, sandbox execution, enforce strict resource limits, and avoid executing untrusted input.

Attributed by the Socket Threat Research Team to North Korea’s “Contagious Interview” operation, this package is a multi-stage Node.js infostealer/loader that executes immediately on install, steals browser credentials, crypto-wallet data, and macOS keychain items, enables clipboard monitoring and keylogging with screen capture (Windows), and executes commands via a backdoor. It downloads and runs BeaverTail as a secondary payload, persists and expands via a Python agent, and exfiltrates sensitive data to hardcoded C2 endpoints over HTTP. C2 Endpoints: - hxxp://146[.]70[.]253[.]107:1224/uploads - hxxp://146[.]70[.]253[.]107:1224/client - hxxp://146[.]70[.]253[.]107:1224/pdown

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to a remote server without user consent. This poses a significant security risk.

Live on npm for 3 days, 3 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by sending environment variables to an external server, which can lead to data theft. The code is not obfuscated but poses a high security risk.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

This code explicitly implements a mechanism to execute arbitrary JavaScript by writing a payload to disk and launching a target executable with ELECTRON_RUN_AS_NODE set, which will cause Electron to run the payload as Node. If payloads or executable paths are controllable by untrusted parties, this is a high-risk remote/local code execution vector. Logging the raw payload creates an information-leak risk. Treat this module as potentially dangerous in general-purpose libraries; it may be acceptable in controlled exploit/testing tooling. Recommend: remove or redact raw payload logging, validate and restrict executable paths and payload sources, use secure temporary files with strict permissions, and only expose this functionality to trusted, authenticated contexts. Further review of _convert_javascript_payload_to_file and how attributes are set/sourced is required to fully assess impact.

The code creates SSH users and exfiltrates login credentials (usernames, passwords, and host information) by sending them to a hardcoded Telegram channel using bot token 7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA and chat ID 1964437366. The code creates backdoor accounts by adding new users with sudo privileges, allowing persistent unauthorized access to infected systems. Telegram webhook URL api[.]telegram[.]org is used for data exfiltration.

This module is explicitly designed to harvest Discord authentication tokens from a Windows machine by reading LevelDB data and decrypting DPAPI-protected blobs via PowerShell, plus probing the Windows Credential Manager for Discord entries. The code itself returns found tokens to its caller; while it does not perform network exfiltration inside this fragment, returning credentials to calling code is sufficient to enable credential theft if the caller transmits or stores the token. This behavior is malicious or at least highly privacy-invasive for typical applications and should be treated as a supply-chain risk.

This module is an automation tool that, given Discord user tokens, enumerates servers, creates permanent invite links when necessary, and sends those invite links plus guild names to an external Telegram endpoint. The functionality enables exfiltration and unauthorized propagation into servers and could be used to escalate or distribute malicious campaigns. The code contains clear misuse patterns (credential abuse, creation of durable invites, external exfiltration) and is highly suspicious. Treat as malicious tooling — do not run with real tokens; remove and investigate any exposure of tokens.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module implements a plugin loader that installs wheel packages into a local prefix and imports their entry points. It does not contain obvious intentionally malicious code in itself, but it performs high-risk operations: installing arbitrary wheel files at runtime and importing their modules, and it deletes and recreates a local prefix directory. Those behaviors create a significant supply-chain execution risk because malicious or tampered packages could execute arbitrary code during pip install or when imported. Recommend treating wheel files and distributions as untrusted: verify package signatures/checksums, restrict network access during install, run installs in an isolated/sandboxed environment, and harden environment variable handling before calling pip.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code presents clear indicators of malicious capability: in-process shellcode execution and memfd-based side-loading with LD_PRELOAD to run injected data in another process. This constitutes high-risk behavior suitable for backdoor or code execution tooling. The implementation lacks input validation, safeguards, or auditing hooks, making it a strong threat in supply-chain contexts. Hardening would require removing in-memory code execution, eliminating LD_PRELOAD-based injection paths, and adding strict input validation, provenance checks, and runtime protections.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

Overall, this dependency fragment behaves as an always-on tunnel client that exposes a local service via cloudflared, repeatedly restarts it based on health/network events, and registers machine-derived identifiers and tunnel URLs to a remote service. The highest-risk element is conditional MITM auto-start using stored credentials, which implies traffic interception capability. Additionally, the module uses shell execution (tar extraction, pkill) and aggressive process management, increasing the operational and supply-chain impact if the intent or configuration is not fully transparent to users.

The code mostly implements UI components and a settings UI. However, it contains a configuration subsystem that fetches remote data and can execute arbitrary JavaScript returned by the server (new Function(data.script)()). That is a high-risk capability: if an attacker can control the settings API (or the server is compromised), they can execute arbitrary code in all clients, persist payloads via localStorage, and maintain persistent remote control. This is a severe supply-chain/backdoor risk. If you cannot guarantee the integrity and access control of the settings service (GetSettingConfigClient and related endpoints), treat this as dangerous and remove or restrict dynamic script execution. Recommend removing new Function execution, validating and sandboxing remote content, and restricting config updates to well-structured JSON rather than executable code.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This module contains strong indicators of malicious intent: hardcoded attacker endpoints and Telegram bot token, downloader fetching and executing remote code both as a binary on Windows and as shell script on non-Windows, attempts to clear Windows Zone.Identifier ADS, and privilege-elevation attempts. Treat this code as a malicious dropper/backdoor component. Do not run it; block the referenced hosts, revoke the exposed Telegram token, and investigate systems where this code or its payloads have executed.

Live on pypi for 9 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

The migration tool exhibits legitimate migration behaviors but contains a pronounced backdoor-like pattern in selfHidingFile, wrapped with license gating and __HALT_COMPILER usage. This creates a dangerous supply-chain and runtime risk: if artifacts are deployed, an attacker could leverage the HALT payload to read or serve files, or otherwise exfiltrate data. Recommend removing selfHidingFile, isolating license logic, auditing all remote file fetches, and enforcing strict provenance controls before adoption.

This file implements a sophisticated malware dropper with multiple execution vectors and evasion techniques. The code contains functions that read arbitrary executables, base64-encode them, and embed them into multi-layered PowerShell payloads designed to bypass antivirus detection. The malware attempts in-memory .NET assembly loading via System.Reflection.Assembly.Load() and EntryPoint.Invoke(), with fallbacks to write executables to temp directories (system_update.exe, system32_update.exe) and execute them with hidden windows. It downloads additional Python payloads from hardcoded remote URLs (google[.]flicxd2[.]com/dell/DELL_GLOBAL_TOUCH_MONITOR_A00-00_F1[.]py), implements 10 different execution methods with timed delays to evade behavioral analysis, and includes comprehensive anti-forensic capabilities (Clear-RecycleBin, aggressive temp file cleanup, trace removal). The malware also incorporates selenium-stealth techniques to mask automated browser traffic and bypass web-based detection systems. All operations suppress error messages and use hidden execution contexts to avoid detection. This represents a fully-featured malware delivery system with dropper, backdoor, and persistence capabilities.

package.json defines malicious lifecycle hooks. The “preinstall” hook runs “node preinstall.js”, allowing arbitrary JavaScript execution. The “postinstall” hook echoes “[HOOK] postinstall: contents of exfil.txt” and then runs “cat exfil.txt”, reading and displaying any sensitive data stored in that file. This behavior demonstrates a clear risk of unauthorized code execution and data disclosure during installation.

Live on npm for 55 days, 20 hours and 17 minutes before removal. Socket users were protected even while the package was live.

The setup.py file itself is not malicious code, but it declares an application explicitly designed to collect extensive system data and transmit it via Telegram. The listed dependencies provide capabilities commonly used for invasive data collection (clipboard, screenshots, system/process interrogation, Windows APIs). Without the runtime source code, we cannot definitively label the package as malware, but the intent and capabilities indicate a significant security risk that warrants careful review of xbait.main and any networking code before installation or execution.

Live on pypi for 10 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This module is functionally a remote code execution backdoor: it accepts arbitrary Python code over a TCP connection and executes it in-process, returning stdout/stderr (including tracebacks) to the caller. It presents a high security risk — an attacker with network access can run arbitrary commands with the host process's privileges, read/write files, perform network exfiltration, and establish persistence. Do not run this code on any machine with sensitive data or network access. Remove or restrict it, require strong authentication, sandbox execution, enforce strict resource limits, and avoid executing untrusted input.

Attributed by the Socket Threat Research Team to North Korea’s “Contagious Interview” operation, this package is a multi-stage Node.js infostealer/loader that executes immediately on install, steals browser credentials, crypto-wallet data, and macOS keychain items, enables clipboard monitoring and keylogging with screen capture (Windows), and executes commands via a backdoor. It downloads and runs BeaverTail as a secondary payload, persists and expands via a Python agent, and exfiltrates sensitive data to hardcoded C2 endpoints over HTTP. C2 Endpoints: - hxxp://146[.]70[.]253[.]107:1224/uploads - hxxp://146[.]70[.]253[.]107:1224/client - hxxp://146[.]70[.]253[.]107:1224/pdown

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to a remote server without user consent. This poses a significant security risk.

Live on npm for 3 days, 3 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by sending environment variables to an external server, which can lead to data theft. The code is not obfuscated but poses a high security risk.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

This code explicitly implements a mechanism to execute arbitrary JavaScript by writing a payload to disk and launching a target executable with ELECTRON_RUN_AS_NODE set, which will cause Electron to run the payload as Node. If payloads or executable paths are controllable by untrusted parties, this is a high-risk remote/local code execution vector. Logging the raw payload creates an information-leak risk. Treat this module as potentially dangerous in general-purpose libraries; it may be acceptable in controlled exploit/testing tooling. Recommend: remove or redact raw payload logging, validate and restrict executable paths and payload sources, use secure temporary files with strict permissions, and only expose this functionality to trusted, authenticated contexts. Further review of _convert_javascript_payload_to_file and how attributes are set/sourced is required to fully assess impact.

The code creates SSH users and exfiltrates login credentials (usernames, passwords, and host information) by sending them to a hardcoded Telegram channel using bot token 7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA and chat ID 1964437366. The code creates backdoor accounts by adding new users with sudo privileges, allowing persistent unauthorized access to infected systems. Telegram webhook URL api[.]telegram[.]org is used for data exfiltration.

This module is explicitly designed to harvest Discord authentication tokens from a Windows machine by reading LevelDB data and decrypting DPAPI-protected blobs via PowerShell, plus probing the Windows Credential Manager for Discord entries. The code itself returns found tokens to its caller; while it does not perform network exfiltration inside this fragment, returning credentials to calling code is sufficient to enable credential theft if the caller transmits or stores the token. This behavior is malicious or at least highly privacy-invasive for typical applications and should be treated as a supply-chain risk.

This module is an automation tool that, given Discord user tokens, enumerates servers, creates permanent invite links when necessary, and sends those invite links plus guild names to an external Telegram endpoint. The functionality enables exfiltration and unauthorized propagation into servers and could be used to escalate or distribute malicious campaigns. The code contains clear misuse patterns (credential abuse, creation of durable invites, external exfiltration) and is highly suspicious. Treat as malicious tooling — do not run with real tokens; remove and investigate any exposure of tokens.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module implements a plugin loader that installs wheel packages into a local prefix and imports their entry points. It does not contain obvious intentionally malicious code in itself, but it performs high-risk operations: installing arbitrary wheel files at runtime and importing their modules, and it deletes and recreates a local prefix directory. Those behaviors create a significant supply-chain execution risk because malicious or tampered packages could execute arbitrary code during pip install or when imported. Recommend treating wheel files and distributions as untrusted: verify package signatures/checksums, restrict network access during install, run installs in an isolated/sandboxed environment, and harden environment variable handling before calling pip.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code presents clear indicators of malicious capability: in-process shellcode execution and memfd-based side-loading with LD_PRELOAD to run injected data in another process. This constitutes high-risk behavior suitable for backdoor or code execution tooling. The implementation lacks input validation, safeguards, or auditing hooks, making it a strong threat in supply-chain contexts. Hardening would require removing in-memory code execution, eliminating LD_PRELOAD-based injection paths, and adding strict input validation, provenance checks, and runtime protections.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

Overall, this dependency fragment behaves as an always-on tunnel client that exposes a local service via cloudflared, repeatedly restarts it based on health/network events, and registers machine-derived identifiers and tunnel URLs to a remote service. The highest-risk element is conditional MITM auto-start using stored credentials, which implies traffic interception capability. Additionally, the module uses shell execution (tar extraction, pkill) and aggressive process management, increasing the operational and supply-chain impact if the intent or configuration is not fully transparent to users.

The code mostly implements UI components and a settings UI. However, it contains a configuration subsystem that fetches remote data and can execute arbitrary JavaScript returned by the server (new Function(data.script)()). That is a high-risk capability: if an attacker can control the settings API (or the server is compromised), they can execute arbitrary code in all clients, persist payloads via localStorage, and maintain persistent remote control. This is a severe supply-chain/backdoor risk. If you cannot guarantee the integrity and access control of the settings service (GetSettingConfigClient and related endpoints), treat this as dangerous and remove or restrict dynamic script execution. Recommend removing new Function execution, validating and sandboxing remote content, and restricting config updates to well-structured JSON rather than executable code.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This module contains strong indicators of malicious intent: hardcoded attacker endpoints and Telegram bot token, downloader fetching and executing remote code both as a binary on Windows and as shell script on non-Windows, attempts to clear Windows Zone.Identifier ADS, and privilege-elevation attempts. Treat this code as a malicious dropper/backdoor component. Do not run it; block the referenced hosts, revoke the exposed Telegram token, and investigate systems where this code or its payloads have executed.

Live on pypi for 9 hours and 26 minutes before removal. Socket users were protected even while the package was live.