Хортой кодын дайжест зургадугаар сар

Хортой кодын дайжест сарын тойм: Зургадугаар сар

тавтай морилно уу June edition of the Xygeni Malicious Code Digest. This month, our security research team confirmed more than 645 хортой багц across npm, PyPI, and (for the first time) the VSCode extension marketplace.

June was defined by three converging trends: sustained version-flooding campaigns designed to outlast blocklists, a sharp acceleration in attacks targeting AI tooling and agentic development workflows, and coordinated dependency confusion attacks against internal monorepo namespaces.

Among the most notable campaigns documented this month:

  • мэдрэг чанар flooded npm with over 70 versions across the 2.5.x range, a sustained evasion campaign republishing continuously to stay ahead of takedowns.
  • A two-wave Solana typosquat campaign (June 7–8) published 15 packages impersonating @solana-labs ecosystem tooling, targeting Web3 and DeFi developers directly.
  • houzidawang806 accounted for over 25 versions in a single day (June 13), joined by хэмжүүрүүд-pipeline-d8k2 republished across 21 versions between June 15–18.
  • The CryptoDAO Confusion campaign (June 17) published 11 packages at version 99.99.99, each carrying an identical postinstall payload sweeping CI/CD tokens, cloud credentials, and crypto wallet secrets. 
  • The week of June 20–26 brought the most concentrated AI tooling targeting of the month: оллама-туслагчид (20 versions), openai-agents-helpers (23 versions), monoclaude, ai-sdk-туслагчБолон @langgraphjs/toolkit, all confirmed in a single week, directly targeting Ollama, OpenAI agents SDK, LangGraph, and Claude API integrations.
  • Two confirmed malicious VSCode extensions appeared this month, signaling that attackers are expanding beyond package registries into the developer environment itself.

The defining pattern of June: attacks are moving into IDE extensions, AI agent tooling, and agentic workflows where a malicious package installed autonomously has no human reviewer between infection and execution.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative. For full context across every malicious package confirmed this month, explore the complete June Malicious Code Digest and related research from the Xygeni Security Team.

4 дэх долоо хоног: 201 гаруй багц илэрсэн

Экосистем Багц огноо
June 20, 2026
npmпанроутер: 5.0.2 + 30 versions across 5.x–6.x range through Jun 22 — dominant campaign of the weekJun 20, 2026
npmtrimprompt:1.0.5 + 4 versions — continuation from previous week, still activeJun 20, 2026
npmмоноклауд:1.0.1 + 2 versions — Claude API tooling impersonationJun 20, 2026
vscodeжижиг хэлэлцүүлэгт зориулсан тойрог замын агентын хос програмчлал: 1.206.0 + 1 version — malicious VSCode extension targeting agentic developmentJun 20, 2026
npmхялбаршуулсан-гейтсби:1.0.1 Smart home platform namespace impersonationJun 20, 2026
June 21, 2026
npmatlasora-shared:1.0.0 + 6 packages — coordinated monorepo dependency confusion: atlasora-api, -client, -sdk, -types, -utils, -configJun 21, 2026
npmapintergrationpost:4.0.2 + 6 versions — deliberate misspelling campaign targeting integration toolingJun 21, 2026
npmllm-ул мөрүүд-апп:1.0.1 LLM observability tooling targetedJun 21, 2026
pypid0rk3r-телеметр:1.0.0 Obfuscated telemetry package in PyPIJun 21, 2026
June 22, 2026
pypitm-ai:2.91.75 + 7 versions — sustained PyPI version flooding campaignJun 22, 2026
pypiхүсэлт-кэш-py:1.0.4 + 6 versions — PyPI version floodingJun 22, 2026
pypiкорвинос:0.17.0 + 6 versions — PyPI bulk registration campaignJun 22, 2026
June 23, 2026
npmweb3-токен-туслагч:1.1.1 + 2 versions — Web3 token utility targetingJun 23, 2026
npmмонокросс: 1.0.1 + 1 version — mono-* naming cluster alongside monoclaude and monotacosJun 23, 2026
June 24, 2026
npmоллама-туслагчид:0.1.0 + 19 versions — largest AI tooling campaign of the month, targeting Ollama local AI runtimeJun 24, 2026
npmopenai-agents-helpers:0.1.1 + 22 versions — coordinated campaign targeting OpenAI agents SDK ecosystemJun 24, 2026
June 25, 2026
npmai-sdk-туслагч:1.4.3 AI SDK tooling targeted alongside @langgraphjs/toolkit:1.2.11Jun 25, 2026
npmбүртгүүлэх-оруулагч:99.99.99-poc3 + hs-locale-management — HubSpot internal namespace dependency confusion, poc suffix confirms active research campaignJun 25, 2026
June 26, 2026
npmхялбар мөрний хэрэгсэл: 1.0.1 + 8 versions including variant easy-string-kit232 — bulk registration under generic utility nameJun 26, 2026
npmаюултай-хортой-багц: 1.0.0 + 5 versions — package explicitly named as malicious, confirmed payload, likely test or provocation campaignJun 26, 2026
npm@vpms/дизайн систем:1.1.2 + 2 versions — design system namespace impersonationJun 26, 2026

3 дэх долоо хоног: 200 гаруй багц илэрсэн

Экосистем Багц огноо
June 13, 2026
npmhouzidawang806:1.0.0 + 25 versions across 1.0.x–1.2.x including siblings houzidawang807 and houzidawang808 — dominant campaign of the weekJun 13, 2026
npmнөхөрсөг мэндчилгээний демо: 1.0.2 + 4 versions — persistent campaign reappearing across multiple daysJun 13, 2026
npmtsc-ai:1.2.0 tsc-* cluster: tsc-ai, tsc-mesh, tsc-lotl — CI tooling namespace impersonationJun 13, 2026
pypineuralbridge-sdk:4.5.4 + 6 versions across 4.5.x–5.1.x — sustained multi-day PyPI campaignJun 13, 2026
June 15, 2026
npmтокен-үнэ-cron:999.0.0 + 6 packages — DeFi infrastructure dependency confusion cluster targeting internal cron and vault toolingJun 15, 2026
June 16, 2026
npmbodega-sdk:9.9.9 + 8 packages — DeFi lending and Cardano ecosystem cluster: flow-lending, surf-lending, janus-*, flowcardano, flowdefiJun 16, 2026
npmүйл явдлын хэмжүүр-q3x7:1.0.0 + 8 versions — generic hex-suffix package registering bulk monitoring-themed namesJun 16, 2026
npmnic-datagov:1.0.0 + 3 packages — government data platform namespace impersonation: ogd-analytics, ogd-platform, dms-backendJun 16, 2026
June 17, 2026
npmкриптодао-гэрээ: 99.99.99 + 10 packages — CryptoDAO dependency confusion: core, sdk, bot, config, utils, deploy, signer, backend, typesJun 17, 2026
pypiteambot-ai:1.48.0 AI agent tooling targeted in PyPIJun 17, 2026
June 18, 2026
npmхэмжүүрүүд-pipeline-d8k2:1.0.0 + 20 versions across Jun 18 — sustained single-day evasion campaign, republishing continuously to outlast blocklistsJun 18, 2026
npmзөвхөн скан хийх боломжтой: 0.4.5 + 6 versions — version flooding campaignJun 18, 2026
npmөнгөний хэрэглээний загвар0:1.0.0 + 5 generic hex-suffix packages: data-utils, string-tools, type-check, fmt-helpers, metrics-probe — scripted bulk registrationJun 18, 2026
npm@azure-лабораторийн үйлчилгээ/мл-ц:99.0.0 Azure ML namespace impersonationJun 18, 2026
June 19, 2026
npmtrimprompt:1.0.2 + trimprompt-hub — prompt engineering tooling targetedJun 19, 2026
npmКлод-кап:0.8.6 Claude API tooling impersonationJun 19, 2026
pypiaiaddin-agent:0.1.0 AI agent tooling targeted in PyPIJun 19, 2026
npmweb3-крипто-хаяг-хэрэгсэл:0.1.0 Web3 utility targetingJun 19, 2026

2 дэх долоо хоног: 135 гаруй багц илэрсэн

Экосистем Багц огноо
June 7, 2026
npm@solana-labs/web3.js:1.0.0 + 5 variants — Solana ecosystem typosquat campaign, first waveJun 7, 2026
npm@jisan901/teamfocus:1.0.0 + 2 versionsJun 7, 2026
npm@sflyinc-knapsack/shutterfly-react:999.0.0 Dependency confusion, inflated versionJun 7, 2026
June 8, 2026
npm@solana-labs/web3.js:1.98.102 + 9 variants — Solana ecosystem typosquat campaign, second waveJun 8, 2026
pypihelixagentai:0.1.3 AI agent tooling targeted in PyPIJun 8, 2026
June 9, 2026
npm@nstrlabs/sdk:99.0.0 + 7 packages — dependency confusion against internal monorepo namespaceJun 9, 2026
npm@klapp-login-платформ/төрөлх-sdk:99.0.0 + 9 packages — authentication platform impersonation across multiple klapp namespacesJun 9, 2026
npmблокчэйн-туслагч-0:1.0.0 + 7 packages — crypto/DeFi utility cluster targeting Web3 developersJun 9, 2026
npm@card-pci-data/store:99.0.0 Payment card data namespace targetedJun 9, 2026
June 10, 2026
npmmorningstar-design-system:99.0.0 + 2 versions — financial design system impersonationJun 10, 2026
June 11, 2026
npmpocteszep:1.0.1 + 5 versions published same dayJun 11, 2026
npm@coze-common/chat-area:99.1.1 AI chat platform namespace impersonationJun 11, 2026
pypiтелеграмлайт:1.0.0 + 1 version — messaging platform impersonation in PyPIJun 11, 2026
June 12, 2026
npmecto-corsair-whisper-6f3b9:1.0.18 + 7 ecto-* variants — obfuscated name clusterJun 12, 2026
npminternallib_v984:1.0.3 + internallib_v557 cluster — 13 versions of internal library impostorsJun 12, 2026
npmvoyager-web:999.0.0 Dependency confusion, inflated versionJun 12, 2026
pypicdjeez:0.32.0Jun 12, 2026

1 дэх долоо хоног: 118 гаруй багц илэрсэн

Экосистем Багц огноо
30 болтугай 2026
npm@cloudplatform-single-spa/administration:99.99.100 Dependency confusion, inflated version30 болтугай 2026
vscodexampp-менежер: 5.1.3 VSCode extension — developer tool impersonation30 болтугай 2026
June 1, 2026
npm@tse-digital/core:99.0.0 Dependency confusion — @telenor-se and @ownit also hitJun 1, 2026
npmcms-storehub:1.3.4 + 2 versions, CMS namespace clusterJun 1, 2026
npm@antoncallahan/aws-user-helper:6767.67.69 + 6 versions, inflated version numbers targeting AWS credentialsJun 1, 2026
npmөвчтөний баримт бичиг: 75.0.0 Healthcare namespace targetJun 1, 2026
npm@emcd-vue/auth:6.4.9 Crypto exchange namespace impersonationJun 1, 2026
pypisimtooreal-cli:0.3.0Jun 1, 2026
June 2, 2026
npmмэдрэг чанар: 2.5.8 + 70 versions across 2.5.x range, Jun 2–5 — dominant campaign of the periodJun 2, 2026
npm@langgraphjs/toolkit:1.2.10 LangGraph tooling targetedJun 2, 2026
June 4, 2026
npm@sentry-browser-sdk/profiling-node:1.0.1 + 2 versions, Sentry namespace impersonationJun 4, 2026
npminternallib_v346:1.0.3 + 2 versions, internal library impostorJun 4, 2026
npmai-sdk-туслагч:0.2.1 + 7 versions, targeting AI SDK toolingJun 4, 2026

Stop Malicious Code Before It Reaches Your Pipeline

Software supply chain threats have moved well past theoretical. Dependency confusion attacks, credential stealers, AI-targeted malware, and poisoned developer tooling are hitting real teams in real SDLCs every week.

Xygeni's хортой програм илрүүлэх болон supply chain security platform gives organizations the visibility to catch malicious dependencies before they execute on a developer machine, enter a build system, or reach production. Coverage spans npm, PyPI, VSCode, and beyond, monitoring for suspicious publishing patterns, namespace abuse, typosquatting, and AI-native attack techniques as they emerge.

Every finding is automatically prioritized by exploitability, reachability, and business impact, so your team focuses on what actually needs fixing, not noise.

Whether it’s a malicious open-source package, a compromised developer tool, or an AI-generated code risk, Xygeni keeps security and engineering teams one step ahead of the supply chain threat landscape.

Explore every malicious package and campaign validated by the Xygeni Security Team in the Хортой кодын дайжест.

Аюулгүй байгаарай. Хурдан байгаарай. Xygeni-тэй хамт хяналтаа хадгалаарай.

sca-tools-програм хангамжийн-бүтцийн-шинжилгээний-хэрэгсэл
Програм хангамжийн эрсдэлээ эрэмбэлэх, засах, аюулгүй болгох
Үнэгүй бүртгэлээ аваарай.
Зээлийн картын шаардлагагүй.

Програм хангамжийн хөгжүүлэлт болон хүргэлтээ аюулгүй байлгаарай

Xygeni Product Suite-тэй хамт