JFrog Security Research
< Back

Malicious Packages

Last Updated On 8 Jun. 2022

692
Malicious packages
disclosed
  • twitter
    ks-log - an obfuscated PII stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    @sorare-marketplace/components - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    angieslist-gulp-build-tasks - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    api-extractor-test-01 - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    next-plugin-normal - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    @commercialsalesandmarketing/contact-search - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    videojs-vtt - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    polymer-shim-styles - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    elysium-ui - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022
  • twitter
    threatresponse - a Discord token stealer
    npm<1k total downloads
    Published on 8 Jun. 2022