Socket for Open Source Security

Malicious code in itsmerobottt (npm) Source: ghsa-malware (05535a64865868032103d2f29b1a3c0ba770470a0f8b421233cc5a84cffadfcb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 17 hours and 23 minutes before removal. Socket users were protected even while the package was live.

Malicious code in absent_goldfish_z3n (npm) Source: amazon-inspector (d022e4d5962c610622f7a6aa4443dd1ccfc7e1b972c2fb19cbf8eea5b0addb5b) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

The code exhibits behavior characteristic of malware, including the collection of sensitive data, use of obfuscation, and execution of potentially arbitrary code using eval. The intentional obfuscation and disabling of NODE_NO_EVAL are indicative of an attempt to hide malicious behavior and enable unsafe operations.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

Observed in registry monitoring as part of a split-payload data distribution by user 'sdjkals'. Packages contain many malformed WOFF2-like segment files that appear to be encrypted/obfuscated and are used to store/serve fragmented payloads across multiple packages (infrastructure abuse and payload assembly evasion). Source: routine monitoring of NPM registry activity described in the provided report.

Malicious code in my-service-manager (PyPI) Source: kam193 (58c8e4c726cef11c6d7d60916210f532060a6ff7a98bb7fea5872eb10335dd5d) While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. The package only supports installing it --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-12-BetterMint Reasons (based on the campaign): - infostealer - exfiltration-generic - Downloads and executes a remote executable. - keylogger - exfiltration-browser-data - The package contains code to detect if it is running in a sandbox environment.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

Packages published by user sdjkals contain many malformed WOFF2-like segment files that appear to be fragmented pieces of an obfuscated payload; evidence indicates split-payload distribution across multiple packages to assemble a larger dataset and evade detection (source: registry monitoring report by mend.io).

This setup.py contains a high-risk backdoor pattern: it will unconditionally load and execute code from a bundled zip file (zip.zip) during package installation. That behavior enables arbitrary code execution in the installer's context and is a clear supply-chain risk. If zip.zip contains malicious payloads, they will run automatically. Avoid installing this package or inspect the contents of zip.zip before running installation. The file itself does not show explicit theft or exfiltration, but the pattern is sufficient to consider the package unsafe.

Live on PyPI for 6 hours and 17 minutes before removal. Socket users were protected even while the package was live.

Malicious code in accessible_walrus_z3n (npm) Source: amazon-inspector (28bae6f29ddb8dd1d068cec664d2ef014fcf0d392b8b4876333d54a74dd5b0fb) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

The code exhibits malicious behavior, including data exfiltration and execution of remote code. The risk score is high due to the potential for unauthorized access or exploitation of the system.

Live on PyPI for 6 hours and 22 minutes before removal. Socket users were protected even while the package was live.

Malicious code in masolv-avlo-civbsoifaufoiv (npm) Source: amazon-inspector (85195e1aa88690d6f168a539e3635f0963eda3fd074d4ee6fce657e85129e846) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

This module contains highly obfuscated code that reads embedded data/resources, decodes/decrypts them, allocates writable/executable memory, writes payload bytes, and constructs delegates to execute native code in-process. These behaviors (resource decoding + VirtualAlloc/VirtualProtect + Marshal writes + GetDelegateForFunctionPointer) are strong indicators of a runtime loader/unpacker capable of executing arbitrary native payloads. While such patterns can appear in legitimate protected/packaged commercial components, they are atypical for a UI document viewer and present a high supply-chain risk if the package provenance is not fully trusted. Recommend quarantining the package for manual review: verify vendor signatures, compare to official Leadtools releases, and perform dynamic analysis in an isolated environment. If using in production, prefer a verified build from vendor or remove/replace this dependency.

This package contains malicious scripts that exfiltrate sensitive system information to an external Discord webhook. The preinstall, preupdate, and test scripts use wget to silently send the local username (via $(whoami)), current working directory (via $(pwd)), and hostname (via $(hostname)) to the Discord webhook URL: discordapp[.]com/api/webhooks/1430159050917548055/_ng9Db177Qr5Kxi5JgClTSFQZfkzmLjEzqRQ3olMJ6gzVb8PFIPq0fYHonW_SKOvM8VS. The scripts use the --quiet flag to avoid detection and execute automatically during package installation/update. This data exfiltration poses significant privacy and security risks, including information leakage, system profiling, and potential follow-up targeted attacks.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

Malicious code in rwvoloe (npm) Source: ghsa-malware (a67faf0be88e8a9e6adda37cb3aefa64d927b16033356b099ada026418ddc30f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

This code explicitly reads a local file (default './resume.pdf') and uploads it to a fixed remote server without validation or consent. That behavior constitutes a high-risk data exfiltration primitive. Treat inclusion of this module as suspicious; review package provenance, remove or replace the code, or require destination configuration and explicit consent before uploading. Avoid running this in developer machines or CI until proven benign.

Malicious code in dono-ikan58-sluey (npm) Source: amazon-inspector (49e714850d9accc80b06b347853af9876a65982dbbd7d6938ee50b2845be5c48) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 9 hours and 19 minutes before removal. Socket users were protected even while the package was live.

Malicious code in geomorphology-astrochemistry-alphard-zenith (npm) Source: amazon-inspector (206b849dc5689a7e5c43f5c73d619dc09d9bd8248ad29e5e4a9c7beb15c96102) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

Malicious code in staff-www (npm) Source: ghsa-malware (8814acf927915297c16c613cbe7ec500aeefd67cf9b5fc2bfc1d5102e46ed455) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 day, 11 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The DLL’s Init() routine creates a file named CloudServiceUpdater.cmd in the user’s Start Menu→Programs→Startup folder, sets its file attribute to Hidden, and writes a PowerShell one-liner that: 1) defines a URL (https://quicktrap[.]xyz/cdn/CosmicProject[.]exe) and local paths (%TEMP% and %LOCALAPPDATA%\CloudServiceUpdate); 2) uses Invoke-WebRequest to fetch the remote payload into %TEMP%/updater.exe; 3) creates the CloudServiceUpdate directory under %LOCALAPPDATA%, moves the downloaded file there as CloudServiceUpdate.exe; 4) enters a `while($true)` loop invoking Start-Process -Verb RunAs on the payload until it succeeds. This establishes stealthy persistence on login, remote code retrieval, and elevation of privileges without user consent.

Malicious code in rtxt-dep2 (PyPI) Source: kam193 (3a0cd03149005afa6cc505bea16d80c21f5bbbd226c16c659ed6abb41cf730a2) Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities. Campaign: GENERIC-standard-pypi-install-pentest Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - The package overrides the install command in setup.py to execute malicious code during installation.

This module is a high-risk automation tool for a banking web UI: it authenticates using an operator-supplied OTP, persists session cookies for reuse, performs automated transfers, captures receipts and session video, and provides mechanisms to exfiltrate those artifacts to external recipients. While the code is not heavily obfuscated, its capabilities enable financial fraud and sensitive-data leakage. Treat this code as potentially malicious or at least dangerous for use in trusted environments; do not deploy it against real accounts without strict controls and audits.

Observed in registry monitoring as part of a split-payload data distribution by user 'sdjkals'. Packages contain many malformed WOFF2-like segment files that appear to be encrypted/obfuscated and are used to store/serve fragmented payloads across multiple packages (infrastructure abuse and payload assembly evasion). Source: routine monitoring of NPM registry activity described in the provided report.

Malicious code in itsmerobottt (npm) Source: ghsa-malware (05535a64865868032103d2f29b1a3c0ba770470a0f8b421233cc5a84cffadfcb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 17 hours and 23 minutes before removal. Socket users were protected even while the package was live.

Malicious code in absent_goldfish_z3n (npm) Source: amazon-inspector (d022e4d5962c610622f7a6aa4443dd1ccfc7e1b972c2fb19cbf8eea5b0addb5b) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

The code exhibits behavior characteristic of malware, including the collection of sensitive data, use of obfuscation, and execution of potentially arbitrary code using eval. The intentional obfuscation and disabling of NODE_NO_EVAL are indicative of an attempt to hide malicious behavior and enable unsafe operations.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

Observed in registry monitoring as part of a split-payload data distribution by user 'sdjkals'. Packages contain many malformed WOFF2-like segment files that appear to be encrypted/obfuscated and are used to store/serve fragmented payloads across multiple packages (infrastructure abuse and payload assembly evasion). Source: routine monitoring of NPM registry activity described in the provided report.

Malicious code in my-service-manager (PyPI) Source: kam193 (58c8e4c726cef11c6d7d60916210f532060a6ff7a98bb7fea5872eb10335dd5d) While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. The package only supports installing it --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-12-BetterMint Reasons (based on the campaign): - infostealer - exfiltration-generic - Downloads and executes a remote executable. - keylogger - exfiltration-browser-data - The package contains code to detect if it is running in a sandbox environment.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

Packages published by user sdjkals contain many malformed WOFF2-like segment files that appear to be fragmented pieces of an obfuscated payload; evidence indicates split-payload distribution across multiple packages to assemble a larger dataset and evade detection (source: registry monitoring report by mend.io).

This setup.py contains a high-risk backdoor pattern: it will unconditionally load and execute code from a bundled zip file (zip.zip) during package installation. That behavior enables arbitrary code execution in the installer's context and is a clear supply-chain risk. If zip.zip contains malicious payloads, they will run automatically. Avoid installing this package or inspect the contents of zip.zip before running installation. The file itself does not show explicit theft or exfiltration, but the pattern is sufficient to consider the package unsafe.

Live on PyPI for 6 hours and 17 minutes before removal. Socket users were protected even while the package was live.

Malicious code in accessible_walrus_z3n (npm) Source: amazon-inspector (28bae6f29ddb8dd1d068cec664d2ef014fcf0d392b8b4876333d54a74dd5b0fb) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

The code exhibits malicious behavior, including data exfiltration and execution of remote code. The risk score is high due to the potential for unauthorized access or exploitation of the system.

Live on PyPI for 6 hours and 22 minutes before removal. Socket users were protected even while the package was live.

Malicious code in masolv-avlo-civbsoifaufoiv (npm) Source: amazon-inspector (85195e1aa88690d6f168a539e3635f0963eda3fd074d4ee6fce657e85129e846) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

This module contains highly obfuscated code that reads embedded data/resources, decodes/decrypts them, allocates writable/executable memory, writes payload bytes, and constructs delegates to execute native code in-process. These behaviors (resource decoding + VirtualAlloc/VirtualProtect + Marshal writes + GetDelegateForFunctionPointer) are strong indicators of a runtime loader/unpacker capable of executing arbitrary native payloads. While such patterns can appear in legitimate protected/packaged commercial components, they are atypical for a UI document viewer and present a high supply-chain risk if the package provenance is not fully trusted. Recommend quarantining the package for manual review: verify vendor signatures, compare to official Leadtools releases, and perform dynamic analysis in an isolated environment. If using in production, prefer a verified build from vendor or remove/replace this dependency.

This package contains malicious scripts that exfiltrate sensitive system information to an external Discord webhook. The preinstall, preupdate, and test scripts use wget to silently send the local username (via $(whoami)), current working directory (via $(pwd)), and hostname (via $(hostname)) to the Discord webhook URL: discordapp[.]com/api/webhooks/1430159050917548055/_ng9Db177Qr5Kxi5JgClTSFQZfkzmLjEzqRQ3olMJ6gzVb8PFIPq0fYHonW_SKOvM8VS. The scripts use the --quiet flag to avoid detection and execute automatically during package installation/update. This data exfiltration poses significant privacy and security risks, including information leakage, system profiling, and potential follow-up targeted attacks.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

Malicious code in rwvoloe (npm) Source: ghsa-malware (a67faf0be88e8a9e6adda37cb3aefa64d927b16033356b099ada026418ddc30f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

This code explicitly reads a local file (default './resume.pdf') and uploads it to a fixed remote server without validation or consent. That behavior constitutes a high-risk data exfiltration primitive. Treat inclusion of this module as suspicious; review package provenance, remove or replace the code, or require destination configuration and explicit consent before uploading. Avoid running this in developer machines or CI until proven benign.

Malicious code in dono-ikan58-sluey (npm) Source: amazon-inspector (49e714850d9accc80b06b347853af9876a65982dbbd7d6938ee50b2845be5c48) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 9 hours and 19 minutes before removal. Socket users were protected even while the package was live.

Malicious code in geomorphology-astrochemistry-alphard-zenith (npm) Source: amazon-inspector (206b849dc5689a7e5c43f5c73d619dc09d9bd8248ad29e5e4a9c7beb15c96102) This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

Malicious code in staff-www (npm) Source: ghsa-malware (8814acf927915297c16c613cbe7ec500aeefd67cf9b5fc2bfc1d5102e46ed455) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 day, 11 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The DLL’s Init() routine creates a file named CloudServiceUpdater.cmd in the user’s Start Menu→Programs→Startup folder, sets its file attribute to Hidden, and writes a PowerShell one-liner that: 1) defines a URL (https://quicktrap[.]xyz/cdn/CosmicProject[.]exe) and local paths (%TEMP% and %LOCALAPPDATA%\CloudServiceUpdate); 2) uses Invoke-WebRequest to fetch the remote payload into %TEMP%/updater.exe; 3) creates the CloudServiceUpdate directory under %LOCALAPPDATA%, moves the downloaded file there as CloudServiceUpdate.exe; 4) enters a `while($true)` loop invoking Start-Process -Verb RunAs on the payload until it succeeds. This establishes stealthy persistence on login, remote code retrieval, and elevation of privileges without user consent.

Malicious code in rtxt-dep2 (PyPI) Source: kam193 (3a0cd03149005afa6cc505bea16d80c21f5bbbd226c16c659ed6abb41cf730a2) Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities. Campaign: GENERIC-standard-pypi-install-pentest Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - The package overrides the install command in setup.py to execute malicious code during installation.

This module is a high-risk automation tool for a banking web UI: it authenticates using an operator-supplied OTP, persists session cookies for reuse, performs automated transfers, captures receipts and session video, and provides mechanisms to exfiltrate those artifacts to external recipients. While the code is not heavily obfuscated, its capabilities enable financial fraud and sensitive-data leakage. Treat this code as potentially malicious or at least dangerous for use in trusted environments; do not deploy it against real accounts without strict controls and audits.

Observed in registry monitoring as part of a split-payload data distribution by user 'sdjkals'. Packages contain many malformed WOFF2-like segment files that appear to be encrypted/obfuscated and are used to store/serve fragmented payloads across multiple packages (infrastructure abuse and payload assembly evasion). Source: routine monitoring of NPM registry activity described in the provided report.