Start Free Trial
Book a Demo
malicious-code-digest-february

Malicious Code Digest Monthly Recap: February

Table of Contents

Latest posts of interest

Welcome to the latest edition of the Xygeni Malicious Code Digest (Monthly Edition)! Over the past few weeks, our teams have been hard at work identifying and blocking emerging threats to safeguard the integrity of our customers’ software ecosystems. These findings highlight the persistent vulnerabilities within open-source component registries and emphasize the necessity of proactive detection and mitigation strategies.

In February 2025, we analyzed and reported over 500 malicious packages spreading across multiple registries, marking a significant increase compared to previous months. The threats identified range from data exfiltration and typosquatting to dependency confusion attacks, underscoring the evolving tactics used by threat actors.

Week 4: Over 80 Packages Discovered

Key Findings:

  • NPM Packages:
    • @roku-web-ui/header:99.9.7
    • @roku-web-ui/kitchensink-ui-base:99.9.7
    • @roku-web-ui/legacy-nav-page-standard-wrapper:99.9.7
    • @roku-web-ui/legacy-styleguide:99.9.7
    • @roku-web-ui/modal:99.9.7
    • @roku-web-ui/pills:99.9.7
    • @roku-web-ui/standard-footer:99.9.7
    • adl-commons-lib-node-pp-parameter-store:1.0.0
    • aes-procredit:1.3.2
    • angularonlineauthclient:1.0.1
    • app_custom_pinterest:99.99.10
    • as-web-tool:0.0.1
    • atm-event-app:1.0.0
    • autogestion-aprendizaje:1.0.4
    • bastion-react-app:9.9.9
    • bg-todomvc:1.1.0
    • bm_pinterest:99.99.10
    • cf-middleware-set-header:99.99.99
    • champion-trader:1.0.0
    • cloudflare-vite-tutorial:99.99.99
    • clubhouse-to-linear-exporter:99.99.10
    • cpp-spa-loginad:1.0.1
    • cse-common-arch–long-running-app–create-vm-cf:99.99.10
    • cta-onboard-express:1.0.1
    • dt-adoptionoverview-extension:99.99.99
    • edubrite:1.1.0
    • eslint-plugin-highcharts:2.0.0
    • evoplay-spinential:99.9.10
    • fgrttry565be:1.0.0
    • floqast:1.0.0
    • floqast:1.0.2
    • flow-inflation-client:1.0.0
    • gh-node-module-generatebom:1.0.0
    • gss.survey.application:1.0.2
    • gss.survey.application:1.0.3
    • gss.survey.application:1.0.4
    • gss.survey.application:1.0.7
    • ing-open-banking-cli-js:3.9.9
    • int_pinterest_sfra:99.99.10
    • kitchensink-ui-base:99.9.7
    • lappsec-testpackage:1.0.0
    • leonardo-nomorepo:0.0.1
    • linear-file-upload-example:9.9.1
    • linear-open-issue:9.9.1
    • linear-zapier:9.9.1
    • mailu:1.0.0
    • main-branch-check:1.0.2
    • metamask-design-tokens-tailwind:99.99.10
    • metamask-sdk-create-react-app:99.99.10
    • mexc-dev:19.4.9
    • mexc-internal:19.4.9
    • mexc-test:19.4.9
    • mexc:19.4.9
    • ngweb:1.0.2
    • nodes-tree-visualizer-server:1.0.0
    • postprocesstree-addon:1.1.1
    • publish-private-provider-action:1.0.0
    • quickwit-ui:1.0.0
    • radar-frontend:1.0.3
    • radiodesign:1.0.2
    • rc-upload-sdk:2.0.1
    • react-native-windows-repo:1.0.2
    • realtime-examples:0.1.0
    • realtimeboard:1.0.0
    • referrals-landing-page:1.0.1
    • scriptconfig:1.0.1
    • secure-toolbots:1.0.0
    • secure-toolbots:1.0.1
    • securedrop:9.9.9
    • solaraexecutor:1.0.3
    • spacelift-webhook-receiver:1.1.0
    • stormapptest2134:1.0.0
    • twilio-realtime:1.0.0
    • twilio-realtime:1.0.1
    • voiceedgelite:1.1.9
    • voiceedgelite:1.2.0
    • vscode-ps1:9.9.9
    • wasm-test-adapter:1.0.0
    • wkndaemassetcompute:0.0.2
    • www-discoveryeducation-com:9.9.9
    • xeno.dll:1.0.1
    • xeno.dll:1.0.2
    • xeno.dll:1.0.3
    • yxt-factor:10.10.10
    • zaggletech:99.0.2

Week 3: Over 110 Packages Discovered

Key Findings:

  • NPM Packages:
    • @npm-aditech387/public-repo-ui:1.0.1
    • @usaa-grp-ent-conv-platform/usaa:1.1.10
    • @usaa-grp-ent-conv-platform/usaa:1.1.11
    • @usaa-grp-ent-conv-platform/usaa:1.1.12
    • @usaa-grp-ent-conv-platform/usaa:1.1.13
    • @usaa-grp-ent-conv-platform/usaa:1.1.14
    • @usaa-grp-ent-conv-platform/usaa:1.1.16
    • @usaa-grp-ent-conv-platform/usaa:1.1.18
    • @usaa-grp-ent-conv-platform/usaa:1.1.19
    • @usaa-grp-ent-conv-platform/usaa:1.1.21
    • 1password-sdk-examples:1.0.0
    • ab-typescript-app:9.0.0
    • action-sequences:5.0.0
    • action-sequencess:5.0.0
    • aem-headless-advanced-tutorial-wknd-app:9.0.0
    • aem-headless-web-component:5.0.0
    • atm-event-app:1.0.0
    • charts-e2e:1.0.0
    • elastic-buildkite-manager:2.0.0
    • engineering-blog:1.0.12
    • fgrttry565be:1.0.0
    • floqast:1.0.0
    • floqast:1.0.2
    • franklin-service:9.0.0
    • harper-web:1.0.0
    • ing-open-banking-cli-js:3.9.9
    • ing-open-banking-cli-js:4.0.1
    • jaas-jwt:2.0.0
    • keycloak-theme:3.0.0
    • leonardo-monorepo:9.0.0
    • leonardo-nomorepo:0.0.1
    • linter-coffee-variables:1.0.0
    • liquidity-bridge-contract:4.0.0
    • nsot:1.0.0
    • owl.carousel.custom:0.1.9
    • paypal-url-generator:0.0.1
    • ragbot-starter:1.0.0
    • react-spectrum-monorepo:3.0.0
    • sample-notes-application:1.0.0
    • securedrop:9.9.9
    • spectrum-css-monorepo:1.0.0
    • tbasdzqdl55:22.2.2
    • tedrertrtrtst:1.0.0
    • tesdf45454t:1.0.0
    • testing098765:1.0.0
    • tstfde54545:1.0.0
    • unmoderated:1.0.0
    • uyurettrtrtst:1.0.0
    • voiceedgelite:1.0.1
    • voiceedgelite:1.0.2
    • voiceedgelite:1.0.9
    • voiceedgelite:1.1.3
    • voiceedgelite:1.1.4
    • voiceedgelite:1.1.5
    • voiceedgelite:1.1.6
    • voiceedgelite:1.1.7
    • voiceedgelite:1.1.8
    • voiceedgelite:1.1.9
    • voiceedgelite:1.2.0
    • vscode-ps1:9.9.9
    • wkndaemassetcompute:0.0.2
    • www-discoveryeducation-com:9.9.9
    • yizhifabao55:1.2.2
    • yizhifabao56:1.2.2
    • yizhifabao57:1.2.2
    • yizhifabao58:1.2.2
    • yizhifabao59:1.2.2
    • yizhifabao60:1.2.2
    • yizhifabao61:1.2.2
    • yizhifabao62:1.2.2
    • yizhifabao63:1.2.2
    • yxt-factor:10.10.10
    • pydantic-kit:1.7
    • @roku-web-ui/modal:99.9.7
    • @roku-web-ui/pills:99.9.7
    • @roku-web-ui/standard-footer:99.9.7
    • aes-procredit:1.3.2
    • autogestion-aprendizaje:1.0.4
    • behat:1.10.0
    • bqtop:1.0.0
    • cpp-spa-loginad:1.0.1
    • cta-onboard-express:1.0.1
    • evoplay-spinential:99.9.10
    • explore-assistant:1.0.0
    • gslack:1.0.0
    • gss.survey.application:1.0.2
    • gss.survey.application:1.0.3
    • gss.survey.application:1.0.4
    • honeybook-marketing-gatsby:1.0.0
    • kitchensink-ui-base:99.9.7
    • lappsec-testpackage:1.0.0
    • linear-file-upload-example:9.9.1
    • linear-open-issue:9.9.1
    • linear-zapier:9.9.1
    • mexc-dev:19.4.9
    • mexc-internal:19.4.9
    • mexc-test:19.4.9
    • mexc:19.4.9
    • ngweb:1.0.2
    • radiodesign:1.0.2
    • referrals-landing-page:1.0.1
    • secure-toolbots:1.0.0
    • secure-toolbots:1.0.1
    • solaraexecutor:1.0.3
    • track-visibility:66.6.0
    • wcc-connector:1.0.0
    • xeno.dll:1.0.1
    • xeno.dll:1.0.2
    • xeno.dll:1.0.3
    • zmcrypty:66.6.0
    • zmsqlite3:66.6.0

Week 2: Over 110 Packages Discovered

Key Findings:

  • NPM Packages:
    • fameex: 19.4.9
    • fameex-test: 19.4.9
    • fameex-main: 19.4.9
    • fameex-internal: 19.4.9
    • dzengi: 19.4.9
    • dops-components: 2.0.0
    • domain-picker: 2.0.0
    • digifinex-test: 19.4.9
    • digifinex-main: 19.4.9
    • digifinex-internal: 19.4.9
    • design-preview: 2.0.0
    • design-picker: 2.0.0
    • design-carousel: 2.0.0
    • deepcoin: 19.4.9
    • deepcoin-test: 19.4.9
    • deepcoin-main: 19.4.9
    • deepcoin-internal: 19.4.9
    • crypto-main: 19.4.9
    • crypto-internal: 19.4.9
    • consumer-platform-global-package: 1.0.0
    • com.unity.2d.common: 9.0.1
    • coinw-test: 19.4.9
    • coinw-main: 19.4.9
    • coinstore: 19.4.9
    • coinstore-test: 19.4.9
    • coinstore-main: 19.4.9
    • coinstore-internal: 19.4.9
    • coincheck-test: 19.4.9
    • coincheck-main: 19.4.9
    • coincheck-internal: 19.4.9
    • calypso-url: 2.0.0
    • calypso-typescript-config: 2.0.0
    • calypso-e2e: 1004.0.0
    • calypso-doctor: 1004.0.0
    • calypso-config: 1004.0.0
    • calypso-color-schemes: 1004.0.0
    • bvox: 19.4.9
    • bvox-test: 19.4.9
    • bvox-main: 19.4.9
    • bvox-internal: 19.4.9
    • blockapis: 1.0.0
    • bitvavo-test: 19.4.9
    • bitvavo-main: 19.4.9
    • bitvavo-internal: 19.4.9
    • bitunix-test: 19.4.9
    • bitunix-main: 19.4.9
    • bitunix-internal: 19.4.9
    • bitstamp-test: 19.4.9
    • bitstamp-main: 19.4.9
    • bitstamp-internal: 19.4.9
    • bitrue: 19.4.9
    • bitrue-test: 19.4.9
    • bitrue-main: 19.4.9
    • bitrue-internal: 19.4.9
    • bitmart-test: 19.4.9
    • bitmart-production: 19.4.9
    • bitmart-main: 19.4.9
    • bitmart-internal: 19.4.9
    • bithumb-test: 19.4.9
    • bithumb-main: 19.4.9
    • bithumb-internal: 19.4.9
    • bitflyer-test: 19.4.9
    • bitflyer-main: 19.4.9
    • bitflyer-internal: 19.4.9
    • bitfinex-test: 19.4.9
    • bitfinex-production: 19.4.9
    • bitfinex-main: 19.4.9
    • bitfinex-dev: 19.4.9
    • bingx-test: 19.4.9
    • bingx-production: 19.4.9
    • bingx-main: 19.4.9
    • bingx-internal: 19.4.9
    • bifinance: 19.4.9
    • bifinance-test: 19.4.9
    • bifinance-main: 19.4.9
    • bifinance-internal: 19.4.9
    • biconomy: 19.4.9
    • biconomy-test: 19.4.9
    • biconomy-main: 19.4.9
    • azbit: 19.4.9
    • azbit-test: 19.4.9
    • azbit-main: 19.4.9
    • azbit-internal: 19.4.9
    • ascendex: 19.4.9
    • ascendex-test: 19.4.9
    • ascendex-main: 19.4.9
    • ascendex-internal: 19.4.9
    • @usaa-grp-ent-conv-platform/usaa: 1.1.2
    • @roku-web-ui/kitchensink-ui-base: 9.9.9
    • @roku-web-ui/kitchensink-ui-base: 14.0.7
    • @roku-web-ui/kitchensink-ui-base: 14.0.6
  • PyPi Packages
    • xt-dev: 19.4.9
    • whitebit-dev: 19.4.9
    • weex-dev: 19.4.9
    • vuepress-plugin-lego-analytics: 4.0.1
    • vue-search-ui-demo: 1.0.0
    • vhx-node-demo: 1.0.0
    • uzx-dev: 19.4.9
    • truecaller-profile-validation: 1.0.0
    • toobit-dev: 19.4.9
    • tokocrypto-dev: 19.4.9
    • theme-tools: 1.1.0
    • tapbit-dev: 19.4.9
    • sally-fw: 69.0.0
    • sally-fn: 72.0.0
    • ruby-typeprof: 1.0.0
    • rif-wallet: 1.0.0
    • publish-private-provider-action: 1.0.0
    • probit: 19.4.9
    • probit-dev: 19.4.9
    • pmmmwh: 1.0.1
    • pionex-dev: 19.4.9

Week 1: Over 50 Packages Discovered

Key Findings:

  • NPM Packages:
    • bloomr-ts:9.9.10
    • blynk-ide:9.9.9
    • dummy-loosesight-gc:1.11.4
    • dummy-loosesight-gd:1.11.2
    • embroider:99.9.2
    • embroider:99.9.3
    • flux-common-plugin:99.9.0
    • flux-common-plugin:99.9.1
    • flux-common-plugin:99.9.3
    • genesys-richmedia:1.0.1
    • gestalt-docs:99.99.99
    • go-bazel:1.0.0
    • gutenberg-kit:1.0.0
    • hotmart:0.0.1
    • ingest-demo:1.0.0
    • lge-example:100.0.0
    • manifold-website:1.0.0
    • modulous:7.0.0
    • nft-transfer-transforme:99.99.1
    • nft-transfer-transformer:99.99.99
    • nlohmann-json:99.99.99
    • ontology-starter-react-app:99.0.0
    • ontology-starter-react-app:99.99.0
    • open-banking-reference-application-australia-region:1.0.0
    • opensource.razorpay.dev:9.9.9
    • orange-meets:99.99.99
    • pages-e2e:99.99.100
    • pages-e2e:99.99.99
    • puppetlabs-apt:10.10.10
    • react-vis-master:1.0.0
    • sally-fn:72.0.0
    • sally-fw:69.0.0
    • sample-nodejs-vsk-with-adm:100.0.0
    • sample-nodejs-vsk-with-adm:101.0.0
    • sample-nodejs-vsk-with-adm:99.10.2
    • sample-nodejs-vsk-with-adm:99.100.10
    • sample-nodejs-vsk-with-adm:99.9.1
    • sample-nodejs-vsk-with-adm:99.9.2
    • sample-nodejs-vsk-with-adm:99.99.10
    • ts-plugin-file-path-support:99.99.99
    • wcag-statistieken:1.0.0
    • web3-onboard-sandbox:10.10.10
    • wrap-it-mq:1.0.1
    • aes-procredit:1.3.1
    • assisted-chat:1.0.0
    • cito_frontend:1.0.0
    • genesys-richmedia:1.0.0
    • libs-util:1.0.1
    • libs-utils:1.1.11
    • prettyphoto:1.0.0
    • tsign-ui:1.0.0
    • tsign-uix:17.1.0
  • PyPi Packages
    • astrono2mio:0.6
    • astronomios:0.6
    • thispackagedoesnotexist:0.3.8

Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code

Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.

Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.

open-source-malware-protection
Protect Your Code with Xygeni Early Malware Detection
xygeni-free-trial
sca-tools-software-composition-analysis-tools
Prioritize, remediate, and secure your software risks
14-day free trial
No credit card required
Start Free Trial

Secure your Software Development and Delivery

with Xygeni Product Suite

Start Free Trial
Watch Video Demo
Xygeni Logo White

© 2024 Xygeni. All rights reserved

Linkedin-in X-twitter

Products

Resources

Company

Legal