Zararli kod digesti iyun

Zararli kod digest oylik xulosasi: iyun

Xush kelibsiz June edition of the Xygeni Malicious Code Digest. This month, our security research team confirmed more than 645 ta zararli paket across npm, PyPI, and (for the first time) the VSCode extension marketplace.

June was defined by three converging trends: sustained version-flooding campaigns designed to outlast blocklists, a sharp acceleration in attacks targeting AI tooling and agentic development workflows, and coordinated dependency confusion attacks against internal monorepo namespaces.

Among the most notable campaigns documented this month:

  • sezgirlik flooded npm with over 70 versions across the 2.5.x range, a sustained evasion campaign republishing continuously to stay ahead of takedowns.
  • A two-wave Solana typosquat campaign (June 7–8) published 15 packages impersonating @solana-labs ecosystem tooling, targeting Web3 and DeFi developers directly.
  • houzidawang806 accounted for over 25 versions in a single day (June 13), joined by metrikalar-pipeline-d8k2 republished across 21 versions between June 15–18.
  • The CryptoDAO Confusion campaign (June 17) published 11 packages at version 99.99.99, each carrying an identical postinstall payload sweeping CI/CD tokens, cloud credentials, and crypto wallet secrets. 
  • The week of June 20–26 brought the most concentrated AI tooling targeting of the month: ollama-yordamchilari (20 versions), openai-agentlari-yordamchilari (23 versions), monoclaude, ai-sdk-yordamchilariva @langgraphjs/toolkit, all confirmed in a single week, directly targeting Ollama, OpenAI agents SDK, LangGraph, and Claude API integrations.
  • Two confirmed malicious VSCode extensions appeared this month, signaling that attackers are expanding beyond package registries into the developer environment itself.

The defining pattern of June: attacks are moving into IDE extensions, AI agent tooling, and agentic workflows where a malicious package installed autonomously has no human reviewer between infection and execution.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative. For full context across every malicious package confirmed this month, explore the complete June Malicious Code Digest and related research from the Xygeni Security Team.

4-hafta: 201 dan ortiq posilka topildi

Ekosistema To'plam sana
Iyun 20, 2026
npmPanrouter: 5.0.2 + 30 versions across 5.x–6.x range through Jun 22 — dominant campaign of the weekJun 20, 2026
npmtrimprompt:1.0.5 + 4 versions — continuation from previous week, still activeJun 20, 2026
npmmonoklaud: 1.0.1 + 2 versions — Claude API tooling impersonationJun 20, 2026
vscodekichik suhbat uchun orbita-agent juftligi dasturlash: 1.206.0 + 1 version — malicious VSCode extension targeting agentic developmentJun 20, 2026
npmsoddalashtirilgan-gatsby:1.0.1 Smart home platform namespace impersonationJun 20, 2026
Iyun 21, 2026
npmatlasora-shared:1.0.0 + 6 packages — coordinated monorepo dependency confusion: atlasora-api, -client, -sdk, -types, -utils, -configJun 21, 2026
npmapintergrationpost:4.0.2 + 6 versions — deliberate misspelling campaign targeting integration toolingJun 21, 2026
npmllm-izlari-ilovasi:1.0.1 LLM observability tooling targetedJun 21, 2026
pypid0rk3r-telemetriya:1.0.0 Obfuscated telemetry package in PyPIJun 21, 2026
Iyun 22, 2026
pypitm-ai:2.91.75 + 7 versions — sustained PyPI version flooding campaignJun 22, 2026
pypiso'rov-kesh-py:1.0.4 + 6 versions — PyPI version floodingJun 22, 2026
pypicorvinos:0.17.0 + 6 versions — PyPI bulk registration campaignJun 22, 2026
Iyun 23, 2026
npmweb3-token-yordamchisi: 1.1.1 + 2 versions — Web3 token utility targetingJun 23, 2026
npmmonokross: 1.0.1 + 1 version — mono-* naming cluster alongside monoclaude and monotacosJun 23, 2026
Iyun 24, 2026
npmollama-yordamchilari:0.1.0 + 19 versions — largest AI tooling campaign of the month, targeting Ollama local AI runtimeJun 24, 2026
npmopenai-agentlari-yordamchilari:0.1.1 + 22 versions — coordinated campaign targeting OpenAI agents SDK ecosystemJun 24, 2026
Iyun 25, 2026
npmai-sdk-yordamchilari: 1.4.3 AI SDK tooling targeted alongside @langgraphjs/toolkit:1.2.11Jun 25, 2026
npmro'yxatdan o'tish-joylashtiruvchi: 99.99.99-poc3 + hs-locale-management — HubSpot internal namespace dependency confusion, poc suffix confirms active research campaignJun 25, 2026
Iyun 26, 2026
npmoson torli to'plam: 1.0.1 + 8 versions including variant easy-string-kit232 — bulk registration under generic utility nameJun 26, 2026
npmxavfli-zararli-paket: 1.0.0 + 5 versions — package explicitly named as malicious, confirmed payload, likely test or provocation campaignJun 26, 2026
npm@vpms/dizayn-tizimi:1.1.2 + 2 versions — design system namespace impersonationJun 26, 2026

3-hafta: 200 dan ortiq posilka topildi

Ekosistema To'plam sana
Iyun 13, 2026
npmhouzidawang806:1.0.0 + 25 versions across 1.0.x–1.2.x including siblings houzidawang807 and houzidawang808 — dominant campaign of the weekJun 13, 2026
npmdo'stona-tabriklash-demo: 1.0.2 + 4 versions — persistent campaign reappearing across multiple daysJun 13, 2026
npmtsc-ai:1.2.0 tsc-* cluster: tsc-ai, tsc-mesh, tsc-lotl — CI tooling namespace impersonationJun 13, 2026
pypineuralbridge-sdk:4.5.4 + 6 versions across 4.5.x–5.1.x — sustained multi-day PyPI campaignJun 13, 2026
Iyun 15, 2026
npmtoken-narxlari-cron:999.0.0 + 6 packages — DeFi infrastructure dependency confusion cluster targeting internal cron and vault toolingJun 15, 2026
Iyun 16, 2026
npmbodega-sdk:9.9.9 + 8 packages — DeFi lending and Cardano ecosystem cluster: flow-lending, surf-lending, janus-*, flowcardano, flowdefiJun 16, 2026
npmvoqea-metrikalari-q3x7:1.0.0 + 8 versions — generic hex-suffix package registering bulk monitoring-themed namesJun 16, 2026
npmnic-datagov:1.0.0 + 3 packages — government data platform namespace impersonation: ogd-analytics, ogd-platform, dms-backendJun 16, 2026
Iyun 17, 2026
npmkriptodao-shartnomalar: 99.99.99 + 10 packages — CryptoDAO dependency confusion: core, sdk, bot, config, utils, deploy, signer, backend, typesJun 17, 2026
pypiteambot-ai:1.48.0 AI agent tooling targeted in PyPIJun 17, 2026
Iyun 18, 2026
npmmetrikalar-pipeline-d8k2:1.0.0 + 20 versions across Jun 18 — sustained single-day evasion campaign, republishing continuously to outlast blocklistsJun 18, 2026
npmfaqat skanerlash: 0.4.5 + 6 versions — version flooding campaignJun 18, 2026
npmrang-utils-dee0:1.0.0 + 5 generic hex-suffix packages: data-utils, string-tools, type-check, fmt-helpers, metrics-probe — scripted bulk registrationJun 18, 2026
npm@azure-laboratoriya-xizmatlari/ml-ts:99.0.0 Azure ML namespace impersonationJun 18, 2026
Iyun 19, 2026
npmtrimprompt:1.0.2 + trimprompt-hub — prompt engineering tooling targetedJun 19, 2026
npmklod-kubok:0.8.6 Claude API tooling impersonationJun 19, 2026
pypiaiaddin-agent:0.1.0 AI agent tooling targeted in PyPIJun 19, 2026
npmweb3-kripto-manzil-utils:0.1.0 Web3 utility targetingJun 19, 2026

2-hafta: 135 dan ortiq posilka topildi

Ekosistema To'plam sana
Iyun 7, 2026
npm@solana-labs/web3.js:1.0.0 + 5 variants — Solana ecosystem typosquat campaign, first waveJun 7, 2026
npm@jisan901/teamfocus:1.0.0 + 2 versionsJun 7, 2026
npm@sflyinc-knapsack/shutterfly-reaksiya:999.0.0 Dependency confusion, inflated versionJun 7, 2026
Iyun 8, 2026
npm@solana-labs/web3.js:1.98.102 + 9 variants — Solana ecosystem typosquat campaign, second waveJun 8, 2026
pypihelixagentai:0.1.3 AI agent tooling targeted in PyPIJun 8, 2026
Iyun 9, 2026
npm@nstrlabs/sdk:99.0.0 + 7 packages — dependency confusion against internal monorepo namespaceJun 9, 2026
npm@klapp-login-platforma/mahalliy-sdk:99.0.0 + 9 packages — authentication platform impersonation across multiple klapp namespacesJun 9, 2026
npmblokcheyn-yordamchisi-0:1.0.0 + 7 packages — crypto/DeFi utility cluster targeting Web3 developersJun 9, 2026
npm@card-pci-data/store:99.0.0 Payment card data namespace targetedJun 9, 2026
Iyun 10, 2026
npmmorningstar-dizayn-tizimi: 99.0.0 + 2 versions — financial design system impersonationJun 10, 2026
Iyun 11, 2026
npmpocteszep:1.0.1 + 5 versions published same dayJun 11, 2026
npm@coze-common/chat-area:99.1.1 AI chat platform namespace impersonationJun 11, 2026
pypitelegramlite:1.0.0 + 1 version — messaging platform impersonation in PyPIJun 11, 2026
Iyun 12, 2026
npmecto-corsair-whisper-6f3b9:1.0.18 + 7 ecto-* variants — obfuscated name clusterJun 12, 2026
npminternallib_v984:1.0.3 + internallib_v557 cluster — 13 versions of internal library impostorsJun 12, 2026
npmsayohatchi-veb:999.0.0 Dependency confusion, inflated versionJun 12, 2026
pypicdjeez:0.32.0Jun 12, 2026

1-hafta: 118 dan ortiq posilka topildi

Ekosistema To'plam sana
, 30 2026 mumkin
npm@cloudplatform-single-spa/administration: 99.99.100 Dependency confusion, inflated version, 30 2026 mumkin
vscodexampp-menejeri: 5.1.3 VSCode extension — developer tool impersonation, 30 2026 mumkin
Iyun 1, 2026
npm@tse-raqamli/yadro:99.0.0 Dependency confusion — @telenor-se and @ownit also hitJun 1, 2026
npmcms-storehub:1.3.4 + 2 versions, CMS namespace clusterJun 1, 2026
npm@antoncallahan/aws-user-helper:6767.67.69 + 6 versions, inflated version numbers targeting AWS credentialsJun 1, 2026
npmbemor hujjatlari: 75.0.0 Healthcare namespace targetJun 1, 2026
npm@emcd-vue/auth:6.4.9 Crypto exchange namespace impersonationJun 1, 2026
pypisimtooreal-cli:0.3.0Jun 1, 2026
Iyun 2, 2026
npmsezgirlik: 2.5.8 + 70 versions across 2.5.x range, Jun 2–5 — dominant campaign of the periodJun 2, 2026
npm@langgraphjs/toolkit:1.2.10 LangGraph tooling targetedJun 2, 2026
Iyun 4, 2026
npm@sentry-browser-sdk/profiling-node:1.0.1 + 2 versions, Sentry namespace impersonationJun 4, 2026
npminternallib_v346:1.0.3 + 2 versions, internal library impostorJun 4, 2026
npmai-sdk-yordamchilari: 0.2.1 + 7 versions, targeting AI SDK toolingJun 4, 2026

Stop Malicious Code Before It Reaches Your Pipeline

Software supply chain threats have moved well past theoretical. Dependency confusion attacks, credential stealers, AI-targeted malware, and poisoned developer tooling are hitting real teams in real SDLCs every week.

Xygeni's zararli dasturlarni aniqlash va supply chain security platform gives organizations the visibility to catch malicious dependencies before they execute on a developer machine, enter a build system, or reach production. Coverage spans npm, PyPI, VSCode, and beyond, monitoring for suspicious publishing patterns, namespace abuse, typosquatting, and AI-native attack techniques as they emerge.

Every finding is automatically prioritized by exploitability, reachability, and business impact, so your team focuses on what actually needs fixing, not noise.

Whether it’s a malicious open-source package, a compromised developer tool, or an AI-generated code risk, Xygeni keeps security and engineering teams one step ahead of the supply chain threat landscape.

Explore every malicious package and campaign validated by the Xygeni Security Team in the Zararli kod dayjesti.

Xavfsiz bo'ling. Tez bo'ling. Xygeni bilan nazoratni saqlang.

sca-vositalari-dasturiy ta'minot-kompozitsiya-tahlil-vositalari
Dasturiy ta'minot xavflaringizni ustuvorlashtiring, bartaraf eting va himoya qiling
Bepul hisobingizni oling.
Kredit karta talab qilinmaydi.

Dasturiy ta'minotingizni ishlab chiqish va yetkazib berishni ta'minlang

Xygeni mahsulot to'plami bilan