Zlonamjerni kodni sažetak u lipnju

Mjesečni sažetak Malicious Code Digesta: lipanj

Dobro došli u June edition of the Xygeni Malicious Code Digest. This month, our security research team confirmed more than 645 zlonamjernih paketa across npm, PyPI, and (for the first time) the VSCode extension marketplace.

June was defined by three converging trends: sustained version-flooding campaigns designed to outlast blocklists, a sharp acceleration in attacks targeting AI tooling and agentic development workflows, and coordinated dependency confusion attacks against internal monorepo namespaces.

Among the most notable campaigns documented this month:

  • osjetljivost flooded npm with over 70 versions across the 2.5.x range, a sustained evasion campaign republishing continuously to stay ahead of takedowns.
  • A two-wave Solana typosquat campaign (June 7–8) published 15 packages impersonating @solana-labs ecosystem tooling, targeting Web3 and DeFi developers directly.
  • houzidawang806 accounted for over 25 versions in a single day (June 13), joined by metrika-pipeline-d8k2 republished across 21 versions between June 15–18.
  • The CryptoDAO Confusion campaign (June 17) published 11 packages at version 99.99.99, each carrying an identical postinstall payload sweeping CI/CD tokens, cloud credentials, and crypto wallet secrets. 
  • The week of June 20–26 brought the most concentrated AI tooling targeting of the month: ollama-helpers (20 verzije), openai-agents-helpers (23 verzije), monoclaude, ai-sdk-helpersi @langgraphjs/toolkit, all confirmed in a single week, directly targeting Ollama, OpenAI agents SDK, LangGraph, and Claude API integrations.
  • Two confirmed malicious VSCode extensions appeared this month, signaling that attackers are expanding beyond package registries into the developer environment itself.

The defining pattern of June: attacks are moving into IDE extensions, AI agent tooling, and agentic workflows where a malicious package installed autonomously has no human reviewer between infection and execution.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative. For full context across every malicious package confirmed this month, explore the complete June Malicious Code Digest and related research from the Xygeni Security Team.

Week 4: Over 201 Packages Discovered

ekosustav Paket Datum
Lipnja 20, 2026
NPMpanoramski usmjerivač:5.0.2 + 30 versions across 5.x–6.x range through Jun 22 — dominant campaign of the weekLipnja 20, 2026
NPMtrimprompt:1.0.5 + 4 versions — continuation from previous week, still activeLipnja 20, 2026
NPMmonoklaud:1.0.1 + 2 versions — Claude API tooling impersonationLipnja 20, 2026
vscodeorbit-agent-par-programiranje-za-smalltalk:1.206.0 + 1 version — malicious VSCode extension targeting agentic developmentLipnja 20, 2026
NPMsimplisage-gatsby:1.0.1 Smart home platform namespace impersonationLipnja 20, 2026
Lipnja 21, 2026
NPMatlasora-dijeljeno:1.0.0 + 6 packages — coordinated monorepo dependency confusion: atlasora-api, -client, -sdk, -types, -utils, -configLipnja 21, 2026
NPMintegracijapost:4.0.2 + 6 versions — deliberate misspelling campaign targeting integration toolingLipnja 21, 2026
NPMllm-traces-app:1.0.1 LLM observability tooling targetedLipnja 21, 2026
pypid0rk3r-telemetrija:1.0.0 Obfuscated telemetry package in PyPILipnja 21, 2026
Lipnja 22, 2026
pypitm-ai:2.91.75 + 7 versions — sustained PyPI version flooding campaignLipnja 22, 2026
pypizahtjev-predmemorija-py:1.0.4 + 6 versions — PyPI version floodingLipnja 22, 2026
pypicorvinos:0.17.0 + 6 versions — PyPI bulk registration campaignLipnja 22, 2026
Lipnja 23, 2026
NPMweb3-token-helper:1.1.1 + 2 versions — Web3 token utility targetingLipnja 23, 2026
NPMmonokros:1.0.1 + 1 version — mono-* naming cluster alongside monoclaude and monotacosLipnja 23, 2026
Lipnja 24, 2026
NPMollama-pomoćnici:0.1.0 + 19 versions — largest AI tooling campaign of the month, targeting Ollama local AI runtimeLipnja 24, 2026
NPMopenai-agents-helpers:0.1.1 + 22 versions — coordinated campaign targeting OpenAI agents SDK ecosystemLipnja 24, 2026
Lipnja 25, 2026
NPMai-sdk-pomoćnici:1.4.3 AI SDK tooling targeted alongside @langgraphjs/toolkit:1.2.11Lipnja 25, 2026
NPMprijava-ugrađivač:99.99.99-poc3 + hs-locale-management — HubSpot internal namespace dependency confusion, poc suffix confirms active research campaignLipnja 25, 2026
Lipnja 26, 2026
NPMeasy-string-kit:1.0.1 + 8 versions including variant easy-string-kit232 — bulk registration under generic utility nameLipnja 26, 2026
NPMnesiguran-zlonamjeran-paket:1.0.0 + 5 versions — package explicitly named as malicious, confirmed payload, likely test or provocation campaignLipnja 26, 2026
NPM@vpms/dizajn-sustava:1.1.2 + 2 versions — design system namespace impersonationLipnja 26, 2026

Week 3: Over 200 Packages Discovered

ekosustav Paket Datum
Lipnja 13, 2026
NPMhouzidawang806:1.0.0 + 25 versions across 1.0.x–1.2.x including siblings houzidawang807 and houzidawang808 — dominant campaign of the weekLipnja 13, 2026
NPMprijateljski-pozdravljač-demo:1.0.2 + 4 versions — persistent campaign reappearing across multiple daysLipnja 13, 2026
NPMtsc-ai:1.2.0 tsc-* cluster: tsc-ai, tsc-mesh, tsc-lotl — CI tooling namespace impersonationLipnja 13, 2026
pypineuralbridge-sdk:4.5.4 + 6 versions across 4.5.x–5.1.x — sustained multi-day PyPI campaignLipnja 13, 2026
Lipnja 15, 2026
NPMcijene-tokena-cron:999.0.0 + 6 packages — DeFi infrastructure dependency confusion cluster targeting internal cron and vault toolingLipnja 15, 2026
Lipnja 16, 2026
NPMbodega-sdk:9.9.9 + 8 packages — DeFi lending and Cardano ecosystem cluster: flow-lending, surf-lending, janus-*, flowcardano, flowdefiLipnja 16, 2026
NPMmetrike-događaja-q3x7:1.0.0 + 8 versions — generic hex-suffix package registering bulk monitoring-themed namesLipnja 16, 2026
NPMnic-datagov:1.0.0 + 3 packages — government data platform namespace impersonation: ogd-analytics, ogd-platform, dms-backendLipnja 16, 2026
Lipnja 17, 2026
NPMcryptodao-ugovori: 99.99.99 + 10 packages — CryptoDAO dependency confusion: core, sdk, bot, config, utils, deploy, signer, backend, typesLipnja 17, 2026
pypiteambot-ai:1.48.0 AI agent tooling targeted in PyPILipnja 17, 2026
Lipnja 18, 2026
NPMmetrika-pipeline-d8k2:1.0.0 + 20 versions across Jun 18 — sustained single-day evasion campaign, republishing continuously to outlast blocklistsLipnja 18, 2026
NPMsamo skeniranje: 0.4.5 + 6 versions — version flooding campaignLipnja 18, 2026
NPMcolor-utils-dee0:1.0.0 + 5 generic hex-suffix packages: data-utils, string-tools, type-check, fmt-helpers, metrics-probe — scripted bulk registrationLipnja 18, 2026
NPM@azure-lab-services/ml-ts:99.0.0 Azure ML namespace impersonationLipnja 18, 2026
Lipnja 19, 2026
NPMtrimprompt:1.0.2 + trimprompt-hub — prompt engineering tooling targetedLipnja 19, 2026
NPMClaude-cup: 0.8.6 Claude API tooling impersonationLipnja 19, 2026
pypiaiaddin-agent:0.1.0 AI agent tooling targeted in PyPILipnja 19, 2026
NPMweb3-crypto-address-utils:0.1.0 Web3 utility targetingLipnja 19, 2026

Week 2: Over 135 Packages Discovered

ekosustav Paket Datum
Lipnja 7, 2026
NPM@solana-labs/web3.js:1.0.0 + 5 variants — Solana ecosystem typosquat campaign, first waveLipnja 7, 2026
NPM@jisan901/teamfocus:1.0.0 + 2 versionsLipnja 7, 2026
NPM@sflyinc-knapsack/shutterfly-react:999.0.0 Dependency confusion, inflated versionLipnja 7, 2026
Lipnja 8, 2026
NPM@solana-labs/web3.js:1.98.102 + 9 variants — Solana ecosystem typosquat campaign, second waveLipnja 8, 2026
pypihelixagentai:0.1.3 AI agent tooling targeted in PyPILipnja 8, 2026
Lipnja 9, 2026
NPM@nstrlabs/sdk:99.0.0 + 7 packages — dependency confusion against internal monorepo namespaceLipnja 9, 2026
NPM@klapp-login-platform/native-sdk:99.0.0 + 9 packages — authentication platform impersonation across multiple klapp namespacesLipnja 9, 2026
NPMblockchain-helper-0:1.0.0 + 7 packages — crypto/DeFi utility cluster targeting Web3 developersLipnja 9, 2026
NPM@card-pci-data/store:99.0.0 Payment card data namespace targetedLipnja 9, 2026
Lipnja 10, 2026
NPMmorningstar-design-system:99.0.0 + 2 versions — financial design system impersonationLipnja 10, 2026
Lipnja 11, 2026
NPMpocteszep:1.0.1 + 5 versions published same dayLipnja 11, 2026
NPM@coze-common/chat-area:99.1.1 AI chat platform namespace impersonationLipnja 11, 2026
pypitelegramlite:1.0.0 + 1 version — messaging platform impersonation in PyPILipnja 11, 2026
Lipnja 12, 2026
NPMecto-corsair-whisper-6f3b9:1.0.18 + 7 ecto-* variants — obfuscated name clusterLipnja 12, 2026
NPMinternallib_v984:1.0.3 + internallib_v557 cluster — 13 versions of internal library impostorsLipnja 12, 2026
NPMvoyager-web:999.0.0 Dependency confusion, inflated versionLipnja 12, 2026
pypicdjeez:0.32.0Lipnja 12, 2026

Week 1: Over 118 Packages Discovered

ekosustav Paket Datum
Svibanj 30, 2026
NPM@cloudplatform-single-spa/administracija:99.99.100 Dependency confusion, inflated versionSvibanj 30, 2026
vscodexampp-manager:5.1.3 VSCode extension — developer tool impersonationSvibanj 30, 2026
Lipnja 1, 2026
NPM@tse-digital/core:99.0.0 Dependency confusion — @telenor-se and @ownit also hitLipnja 1, 2026
NPMcms-storehub:1.3.4 + 2 versions, CMS namespace clusterLipnja 1, 2026
NPM@antoncallahan/aws-user-helper:6767.67.69 + 6 versions, inflated version numbers targeting AWS credentialsLipnja 1, 2026
NPMpacijentovi dokumenti: 75.0.0 Healthcare namespace targetLipnja 1, 2026
NPM@emcd-vue/auth:6.4.9 Crypto exchange namespace impersonationLipnja 1, 2026
pypisimtooreal-cli:0.3.0Lipnja 1, 2026
Lipnja 2, 2026
NPMosjetljivost: 2.5.8 + 70 versions across 2.5.x range, Jun 2–5 — dominant campaign of the periodLipnja 2, 2026
NPM@langgraphjs/toolkit:1.2.10 LangGraph tooling targetedLipnja 2, 2026
Lipnja 4, 2026
NPM@sentry-browser-sdk/profiling-node:1.0.1 + 2 versions, Sentry namespace impersonationLipnja 4, 2026
NPMinternallib_v346:1.0.3 + 2 versions, internal library impostorLipnja 4, 2026
NPMai-sdk-pomoćnici:0.2.1 + 7 versions, targeting AI SDK toolingLipnja 4, 2026

Stop Malicious Code Before It Reaches Your Pipeline

Software supply chain threats have moved well past theoretical. Dependency confusion attacks, credential stealers, AI-targeted malware, and poisoned developer tooling are hitting real teams in real SDLCs every week.

Xygenijev otkrivanje zlonamjernog softvera i supply chain security platform gives organizations the visibility to catch malicious dependencies before they execute on a developer machine, enter a build system, or reach production. Coverage spans npm, PyPI, VSCode, and beyond, monitoring for suspicious publishing patterns, namespace abuse, typosquatting, and AI-native attack techniques as they emerge.

Every finding is automatically prioritized by exploitability, reachability, and business impact, so your team focuses on what actually needs fixing, not noise.

Whether it’s a malicious open-source package, a compromised developer tool, or an AI-generated code risk, Xygeni keeps security and engineering teams one step ahead of the supply chain threat landscape.

Explore every malicious package and campaign validated by the Xygeni Security Team in the Sažetak zlonamjernog koda.

Stay secure. Stay fast. Stay in control with Xygeni.

alati-za-analizu-sastava-softvera-sca-tools
Prioritizirajte, sanirajte i osigurajte softverske rizike
Nabavite svoj besplatni račun.
Nije potrebna kreditna kartica.

Osigurajte svoj razvoj i isporuku softvera

s Xygeni paketom proizvoda