Xygeni Malicious Code Digest 3

Xygeni Malicious Code Digest 3: Over 30 packages discovered

This week on Malicious Code Digest, we identified and analyzed over 30 packages in the most common package registries that were flagged as malicious, suspicious, or involved in another type of attack such as typosquatting.

In the latest Xygeni Malicious Code Digest, we have highlighted over 30 malicious packages that infiltrated the npm registry. This breach reveals a significant vulnerability within the software supply chain ecosystem.

Total Malicious npm Packages Detected

🚨 (npm) zxcvbnmmmmmmkjhgfdssss:1.0.2

🚨 (npm) zxcvbnmmmmmmkjhgfdssss:1.0.1

🚨 (npm) zxcvbnmmmmmmkjhgfdssss:1.0.0

🚨 (npm) walkme-killer:1.0.0

🚨 (npm) skeletor-block-facetwp-filter:1.0.0

🚨 (npm) screen-control:1.0.3

🚨 (npm) plugins-bot:1.0.0

🚨 (npm) ping-bot-reduction:0.2.0

🚨 (npm) ping-bot-reduction:0.1.0

🚨 (npm) link-ui-i19n:1.0.0

🚨 (npm) lamia471:1.0.1

🚨 (npm) jetpack-custom-fonts:2.1.1

🚨 (npm) isp-orion-theme:1.1.2

🚨 (npm) icomm-mobile:1.0.0

🚨 (npm) hw-transition-animation:66.6.9

🚨 (npm) generic-synthetic-nodejs:100.0.8

🚨 (npm) generic-synthetic-nodejs:100.0.7

🚨 (npm) gcommon-ui-mobile:1.0.0

🚨 (npm) forage-core:2.1.3

🚨 (npm) eckoplugin:4.7.0

🚨 (npm) discord-bot-3:1.0.0

🚨 (npm) delphire-io-portal:1.0.0

🚨 (npm) chair-client:1.0.0

🚨 (npm) by-network:12.6.1

🚨 (npm) by-gtm:12.6.1

🚨 (npm) by-dynamic-domain:1250.6.1

🚨 (npm) bullshittss:1250.6.1

🚨 (npm) bot-login-plugins:1.0.2

🚨 (npm) avx-web-core:1000.0.1

🚨 (npm) avx-web-build:1000.0.1

🚨 (npm) avx-javascript-testing:1000.0.1

🚨 (npm) actions-next-bundle-analyzer:1.1.4

🚨 (npm) @pwndz/crm-components:3.18.0

Protect Your Application against Malicious Open Source Dependencies

Xygeni Early Malicious Code Detection supports you by automatically analyzing any new or updated open-source package. We notify you as soon as we detect any suspicious evidence of malware and add the dependency to a blacklist, so you can halt the automatic build or delivery of your application before there is any risk of infection.

With Early Detection and Early Warning mechanisms, Xygeni ensures the security and integrity of your applications.