Secure your dependencies. Ship with confidence.

This code performs immediate exfiltration of all process environment variables to a third-party collector. Treat this as malicious in almost all contexts. Remove the code, consider all environment-held secrets compromised, rotate credentials and keys, and audit systems for other backdoors or similar files. Do not run this package in production or on sensitive hosts.

Live on npm for 1 day, 23 hours and 39 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The code exhibits several characteristics of potentially malicious behavior, such as obfuscation, information leakage, encryption/decryption to hide actions, and aggressive file operations. There is a high risk associated with using this code as it could lead to system compromise or data exfiltration.

The source code contains suspicious and potentially malicious behavior by uploading arbitrary local files and detailed metadata to a remote server using hardcoded authentication tokens and device identifiers. This constitutes a significant security risk involving unauthorized data exfiltration and privacy violation. Although no direct malware payload like reverse shells or destructive actions are present, the code should be considered high risk and likely malicious due to its data exfiltration capabilities and lack of user transparency.

This package exhibits clear malicious behavior by performing unauthorized data collection and transmission. It systematically gathers sensitive system information, user details, and repository data, then transmits this to external servers without user consent. This constitutes a supply chain attack disguised as a build metrics tool, with high privacy violation and security risks.

This file executes a shell command that collects system data (including /etc/passwd, hostname, working directory, and Desktop file listings) and sends it to http://7bd7-197-55-10-187[.]ngrok[.]io without user consent. The behavior demonstrates data exfiltration and aligns with malware.

Live on npm for 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code fragment demonstrates a runtime-loading, obfuscated payload mechanism capable of decrypting and executing hidden code. The combination of embedded resource payloads, heavy obfuscation, dynamic method generation, and cryptographic routines strongly indicates potential backdoor or supply-chain payload behavior. While not conclusive proof of active malware within this isolated fragment, the risk profile is high and warrants immediate containment actions (quarantine/remediation) and authoritative provenance validation before distribution. A comprehensive audit of the full package and its resources is recommended.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on PyPI for 5 days, 11 hours and 37 minutes before removal. Socket users were protected even while the package was live.

This module is not obviously containing intentionally hidden malware in itself (no obfuscation or hardcoded exfiltration), but it provides powerful primitives that make it high risk in a supply-chain context. The primary risks are arbitrary shell execution (subprocess.Popen with shell=True on external data) and unsanitized file writes (append to arbitrary paths). Combined with opaque external agents that produce steps and may perform network I/O, this creates a moderate-to-high security risk: an attacker who can influence step data, agent outputs, or stdin can execute commands, modify files, and potentially exfiltrate data. Strong mitigation (whitelisting allowed commands, validating file paths to restrict writes within repo, running with least privilege, auditing agent communications) is required before trusting this code in production.

Live on PyPI for 5 days, 18 hours and 35 minutes before removal. Socket users were protected even while the package was live.

The source code is a static HTML fragment embedding numerous external links to suspicious domains associated with adult and pirated content. While no direct malware or executable code is present, the embedded external links pose a significant security risk as they may lead to malware, phishing, or inappropriate content. The code is not obfuscated and contains no hardcoded credentials or backdoors. Given the lack of executable logic but presence of suspicious external references, this code should be considered a security risk and avoided in software supply chains.

This file implements a reverse-TCP remote agent/backdoor. It accepts commands from a remote controller and can write arbitrary files, read and exfiltrate arbitrary files, create directories, execute a local program (evaluator.exe) with attacker-supplied content, and load and invoke a native DLL with attacker-supplied data. There is no authentication, encryption, or sanitization. Even with one small coding bug in the download send call, the intended behavior is clearly malicious-capable: unauthorized remote control and data exfiltration. Do not run or include this package in trusted environments.

This code is a clear reverse shell/backdoor: it creates an outbound TCP connection to a remote host, accepts commands from that host, executes them locally via a shell, and returns output. It provides full remote code execution and data exfiltration capabilities. Treat as malicious and high-risk — do not run, include, or trust this module. If discovered on systems, isolate and investigate potential compromise.

This script contains high-risk behaviors. The most critical issues are: (1) unconditional torch.load() of discovered .pt files (pickle deserialization) which can execute arbitrary code if a checkpoint is malicious, and (2) constructing and executing shell commands via os.system with unsanitized path insertion (shell injection risk). Additionally, it will recursively search and resume many checkpoints, launching silent background processes that can exhaust resources. If this code runs in environments where attacker-controlled files or paths exist (typical in shared CI runners, build hosts, or during dependency installation), it is dangerous and should not be used without strict file trust guarantees and proper sanitization/quoting. Recommended fixes: avoid loading untrusted checkpoints; validate and strictly control checkpoint sources; use torch.load with appropriate map_location and safer deserialization patterns (avoid pickle when possible); avoid os.system with untrusted interpolated values — use subprocess with args list and proper quoting; do not background/redirect silently.

This code implements a clear reverse shell/backdoor: it connects to a remote host and bridges a local interactive shell to that connection, enabling remote command execution and data exfiltration with no access control or encryption. It is malicious or at minimum extremely dangerous in most contexts and should be treated as a high-risk backdoor. Remove or sandbox it and treat any package containing this code as compromised unless its presence is explicitly required and authorized.

This code contains a heavily obfuscated runtime loader that decrypts embedded resources and performs low-level native operations to allocate executable memory, write and patch code pointers and invoke native code in-process. It also contains capabilities to modify runtime/JIT internals and to write into process memory (including /proc/self/mem and WriteProcessMemory) and to open other processes. These behaviors are consistent with malicious loaders, in-memory code injection, or backdoors. I recommend treating this package as malicious and not using it. If encountered in a supply chain, isolate and remove, and investigate downstream use/execution.

This module collects LinkedIn session cookies from the caller and transmits them to a hardcoded external AWS API Gateway endpoint. That behavior is a high-risk credential exfiltration pattern consistent with malicious harvesting or misuse. The email/notification functionality and randomized sleep are secondary behaviors that could facilitate social engineering and evasion. Treat the code as dangerous in untrusted contexts: do not provide real LinkedIn credentials to it, and avoid running it until the endpoint and maintainers are verified. If this appears in a public package, consider it potentially malicious and remove or isolate it.

This module exhibits high-risk, likely malicious behavior: it logs plaintext credentials to a local file and transmits them to a hard-coded external host over unencrypted HTTP, and it creates privileged local user accounts (is_staff=True). Combined, these actions match credential harvesting/backdoor patterns. The presence of an undefined return variable is a bug but does not mitigate the credential leak. Recommend immediate removal/quarantine, revocation of any credentials that passed through this code, investigation of systems for /var/tmp/mylog, and audit of created user accounts and logs.

The code is designed to exfiltrate sensitive system information to an external server without user consent, indicating malicious intent. The use of network requests to 'pingb.in' for data exfiltration is a serious security risk.

Live on npm for 6 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

posting_zon markets itself as a Windows-only WordPress bulk-poster, enticing grey-hat marketers who want to blast articles across multiple sites. When launched it opens a Korean-language Glimmer-DSL-LibUI dialog that asks for the target site’s WordPress admin username and password. Immediately after those values are submitted (before any content automation begins) the script silently bundles the plaintext credentials with the host’s MAC address and POSTs the payload to https://programzon[.]com/auth/program/signin, infrastructure controlled by the zon threat actor. The MAC address serves as a persistent hardware fingerprint, letting the threat actor correlate victims across separate installations and campaigns. Although the gem proceeds with its promised mass-posting routine, this covert exfiltration turns posting_zon into an infostealer: users seeking aggressive WordPress automation instead surrender their own sensitive credentials to the threat actor behind the wider “zon” malware cluster.

This code performs immediate exfiltration of all process environment variables to a third-party collector. Treat this as malicious in almost all contexts. Remove the code, consider all environment-held secrets compromised, rotate credentials and keys, and audit systems for other backdoors or similar files. Do not run this package in production or on sensitive hosts.

Live on npm for 1 day, 23 hours and 39 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The code exhibits several characteristics of potentially malicious behavior, such as obfuscation, information leakage, encryption/decryption to hide actions, and aggressive file operations. There is a high risk associated with using this code as it could lead to system compromise or data exfiltration.

The source code contains suspicious and potentially malicious behavior by uploading arbitrary local files and detailed metadata to a remote server using hardcoded authentication tokens and device identifiers. This constitutes a significant security risk involving unauthorized data exfiltration and privacy violation. Although no direct malware payload like reverse shells or destructive actions are present, the code should be considered high risk and likely malicious due to its data exfiltration capabilities and lack of user transparency.

This package exhibits clear malicious behavior by performing unauthorized data collection and transmission. It systematically gathers sensitive system information, user details, and repository data, then transmits this to external servers without user consent. This constitutes a supply chain attack disguised as a build metrics tool, with high privacy violation and security risks.

This file executes a shell command that collects system data (including /etc/passwd, hostname, working directory, and Desktop file listings) and sends it to http://7bd7-197-55-10-187[.]ngrok[.]io without user consent. The behavior demonstrates data exfiltration and aligns with malware.

Live on npm for 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code fragment demonstrates a runtime-loading, obfuscated payload mechanism capable of decrypting and executing hidden code. The combination of embedded resource payloads, heavy obfuscation, dynamic method generation, and cryptographic routines strongly indicates potential backdoor or supply-chain payload behavior. While not conclusive proof of active malware within this isolated fragment, the risk profile is high and warrants immediate containment actions (quarantine/remediation) and authoritative provenance validation before distribution. A comprehensive audit of the full package and its resources is recommended.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on PyPI for 5 days, 11 hours and 37 minutes before removal. Socket users were protected even while the package was live.

This module is not obviously containing intentionally hidden malware in itself (no obfuscation or hardcoded exfiltration), but it provides powerful primitives that make it high risk in a supply-chain context. The primary risks are arbitrary shell execution (subprocess.Popen with shell=True on external data) and unsanitized file writes (append to arbitrary paths). Combined with opaque external agents that produce steps and may perform network I/O, this creates a moderate-to-high security risk: an attacker who can influence step data, agent outputs, or stdin can execute commands, modify files, and potentially exfiltrate data. Strong mitigation (whitelisting allowed commands, validating file paths to restrict writes within repo, running with least privilege, auditing agent communications) is required before trusting this code in production.

Live on PyPI for 5 days, 18 hours and 35 minutes before removal. Socket users were protected even while the package was live.

The source code is a static HTML fragment embedding numerous external links to suspicious domains associated with adult and pirated content. While no direct malware or executable code is present, the embedded external links pose a significant security risk as they may lead to malware, phishing, or inappropriate content. The code is not obfuscated and contains no hardcoded credentials or backdoors. Given the lack of executable logic but presence of suspicious external references, this code should be considered a security risk and avoided in software supply chains.

This file implements a reverse-TCP remote agent/backdoor. It accepts commands from a remote controller and can write arbitrary files, read and exfiltrate arbitrary files, create directories, execute a local program (evaluator.exe) with attacker-supplied content, and load and invoke a native DLL with attacker-supplied data. There is no authentication, encryption, or sanitization. Even with one small coding bug in the download send call, the intended behavior is clearly malicious-capable: unauthorized remote control and data exfiltration. Do not run or include this package in trusted environments.

This code is a clear reverse shell/backdoor: it creates an outbound TCP connection to a remote host, accepts commands from that host, executes them locally via a shell, and returns output. It provides full remote code execution and data exfiltration capabilities. Treat as malicious and high-risk — do not run, include, or trust this module. If discovered on systems, isolate and investigate potential compromise.

This script contains high-risk behaviors. The most critical issues are: (1) unconditional torch.load() of discovered .pt files (pickle deserialization) which can execute arbitrary code if a checkpoint is malicious, and (2) constructing and executing shell commands via os.system with unsanitized path insertion (shell injection risk). Additionally, it will recursively search and resume many checkpoints, launching silent background processes that can exhaust resources. If this code runs in environments where attacker-controlled files or paths exist (typical in shared CI runners, build hosts, or during dependency installation), it is dangerous and should not be used without strict file trust guarantees and proper sanitization/quoting. Recommended fixes: avoid loading untrusted checkpoints; validate and strictly control checkpoint sources; use torch.load with appropriate map_location and safer deserialization patterns (avoid pickle when possible); avoid os.system with untrusted interpolated values — use subprocess with args list and proper quoting; do not background/redirect silently.

This code implements a clear reverse shell/backdoor: it connects to a remote host and bridges a local interactive shell to that connection, enabling remote command execution and data exfiltration with no access control or encryption. It is malicious or at minimum extremely dangerous in most contexts and should be treated as a high-risk backdoor. Remove or sandbox it and treat any package containing this code as compromised unless its presence is explicitly required and authorized.

This code contains a heavily obfuscated runtime loader that decrypts embedded resources and performs low-level native operations to allocate executable memory, write and patch code pointers and invoke native code in-process. It also contains capabilities to modify runtime/JIT internals and to write into process memory (including /proc/self/mem and WriteProcessMemory) and to open other processes. These behaviors are consistent with malicious loaders, in-memory code injection, or backdoors. I recommend treating this package as malicious and not using it. If encountered in a supply chain, isolate and remove, and investigate downstream use/execution.

This module collects LinkedIn session cookies from the caller and transmits them to a hardcoded external AWS API Gateway endpoint. That behavior is a high-risk credential exfiltration pattern consistent with malicious harvesting or misuse. The email/notification functionality and randomized sleep are secondary behaviors that could facilitate social engineering and evasion. Treat the code as dangerous in untrusted contexts: do not provide real LinkedIn credentials to it, and avoid running it until the endpoint and maintainers are verified. If this appears in a public package, consider it potentially malicious and remove or isolate it.

This module exhibits high-risk, likely malicious behavior: it logs plaintext credentials to a local file and transmits them to a hard-coded external host over unencrypted HTTP, and it creates privileged local user accounts (is_staff=True). Combined, these actions match credential harvesting/backdoor patterns. The presence of an undefined return variable is a bug but does not mitigate the credential leak. Recommend immediate removal/quarantine, revocation of any credentials that passed through this code, investigation of systems for /var/tmp/mylog, and audit of created user accounts and logs.

The code is designed to exfiltrate sensitive system information to an external server without user consent, indicating malicious intent. The use of network requests to 'pingb.in' for data exfiltration is a serious security risk.

Live on npm for 6 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

posting_zon markets itself as a Windows-only WordPress bulk-poster, enticing grey-hat marketers who want to blast articles across multiple sites. When launched it opens a Korean-language Glimmer-DSL-LibUI dialog that asks for the target site’s WordPress admin username and password. Immediately after those values are submitted (before any content automation begins) the script silently bundles the plaintext credentials with the host’s MAC address and POSTs the payload to https://programzon[.]com/auth/program/signin, infrastructure controlled by the zon threat actor. The MAC address serves as a persistent hardware fingerprint, letting the threat actor correlate victims across separate installations and campaigns. Although the gem proceeds with its promised mass-posting routine, this covert exfiltration turns posting_zon into an infostealer: users seeking aggressive WordPress automation instead surrender their own sensitive credentials to the threat actor behind the wider “zon” malware cluster.