Secure your dependencies. Ship with confidence.

This obfuscated zhihu.js payload overwrites and proxies virtually every major browser interface (Window, Document, Navigator, Storage, Canvas, WebGL, etc.) to hide real environment values and intercept user data. It redefines document.cookie to accumulate a hidden cookie string and proxies localStorage/sessionStorage to capture all data writes. It hijacks postMessage/MessageChannel and injects webpack-style chunk loaders, enabling stealthy data channels. An exported `encrypt(e)` function computes “2.0_”+MD5(e) via a hidden window.yang pathway, likely used to fingerprint or exfiltrate input values. The code also performs dynamic `eval` in a runtime switch-case, opening arbitrary code execution. Static assets are loaded from zhihu-related domains (static[.]zhihu[.]com, zhihu[.]com, pica[.]zhimg[.]com, pic1[.]zhimg[.]com, picx[.]zhimg[.]com), suggesting a malicious extension that mimics legitimate UI while capturing and leaking data. Treat as high-risk malware.

The script is designed to send critical system information and environment variables to an external server, which is highly suspicious and indicative of malicious behavior.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This code is an orchestration module that intentionally performs Man-in-the-Middle attacks (ARP spoofing, DNS spoofing, HTTP traffic modification) and modifies system iptables to redirect packets to user-space handlers. It is malicious in intent or at minimum a powerful offensive tool that can be abused for unauthorized interception and tampering of network traffic. It should not be used on networks or hosts without explicit authorization; as distributed code it represents a high-risk component.

The code fragment appears to be a highly obfuscated loader with embedded payload handling and dynamic execution capabilities. Anti-tamper checks, heavy IL emission, unmanaged interop, and cryptographic payload decryption strongly suggest concealment of behavior beyond a straightforward BIM-Fbx converter. While no explicit network exfiltration is evident in this fragment, the combination of patterns indicates a substantial security risk in a supply-chain context. Treat as high-risk pending full artifact review, verify publisher provenance, and consider re-packaging with transparent, verifiable builds or removing obfuscation.

This fragment implements a location-exfiltration agent: it reads a JSON config over a TCP socket, subscribes to device GPS/Network location updates, and streams detailed location JSON back over the socket. There is no obfuscation or dynamic code execution, but the behavior is privacy invasive and matches a backdoor/spyware pattern (continuous location exfiltration). Whether it is malicious depends on the intended use and who can connect to the socket, but from a supply-chain/security standpoint this is high-risk functionality and should be treated with suspicion and reviewed/blocked unless explicitly required and audited.

The code is largely a legitimate balance UI component, but contains a clearly malicious/unauthorized insertion: a timed routine that produces political/propaganda content and calls alert(...) and window.open(...) to open external URLs (including a .onion BBC mirror and a change.org petition). This is a supply-chain compromise or deliberate malicious insertion unrelated to the component's purpose and should be treated as malicious. Additionally, the component sends session identifiers (X-SessionId) to the endpoint and SSE URL provided by props — normal for the component but a sensitive sink: if the endpoint is attacker-controlled (for example via tampered attributes or malicious configuration), session tokens could be exfiltrated. Remediation: do not use this package version; remove or revert the injected alert/window.open code; audit the dependency source (git history, package publisher); ensure endpoints are trusted and session tokens are not sent to unknown domains. Consider rotating any session tokens used while this compromised component may have been in use.

The code is a stealthy launcher for a potentially sensitive Node.js script. The immediate code is benign as a launcher, but the overall risk depends on extract-tokens.js’s behavior. Prioritize reviewing the invoked script for token access, credential handling, or data exfiltration. The Windows-only silencing increases stealth potential.

This endpoint executes user-provided JavaScript with insufficient isolation. Although the code is not itself obfuscated or explicitly malicious, the design enables remote code execution, data exfiltration and sandbox escapes via well-known vm/context bridging techniques and prototype/constructor abuse. Key risks: untrusted script execution in vm without removing dangerous globals, passing host objects into untrusted code, invoking vm-defined functions from host without time/resource limits, and returning whatever the script can access to an external caller. Recommended mitigations: run untrusted code in a separate restricted process or container with least privilege, do not pass host objects into the sandbox, remove or replace dangerous globals and constructors, freeze prototypes, execute the returned function inside the vm with enforced timeouts or in the isolated process, and strictly validate/whitelist allowed operations. Treat this code path as high-risk for server-side code execution and data leakage until stronger isolation is implemented.

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

A script within the flagged file issues a request to grabify[.]link/CYE8J9, a domain often used for link tracking or phishing-like behavior. This request could be employed for data exfiltration, installing unauthorized software, or other malicious purposes.

Live on npm for 75 days, 7 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This module contains clear capabilities for reconnaissance (host/IP/MAC), sensitive-data capture (screenshots, filesystem zipping), data exfiltration (uploads to up.ufile.io and proxying Telegram calls via an external web form), and a remote command channel (Telegram GetUpdates via proxy). These features are typical of malware (RAT/botnet client) and present a high security risk. The code also contains implementation bugs but that does not mitigate the malicious intent. The package should be treated as malicious and not used.

This Python module uses ctypes.CDLL to load a native library from a hidden “__pycache__/Backward[.]dll”, calls functions such as IsNotOlderOS and several namespace getters, and then unconditionally deletes its own source file via os.remove(__file__). Such self-deletion is a known anti-analysis technique intended to erase evidence after execution. Additionally, the file contains malformed UUID routines, undefined variables, and inconsistent logic—hallmarks of obfuscation or sabotage. Although no external network connections or domains are present in the snippet, the dynamic native code loading and self-erasure pose a severe supply-chain and runtime compromise risk.

Live on pypi for 36 minutes before removal. Socket users were protected even while the package was live.

The fragment is a highly obfuscated, packer-like JavaScript payload that executes via an eval-based loader. This pattern is strongly associated with malware/backdoors or aggressively obfuscated adware. Although explicit malicious actions are not visible in the static surface, the runtime-revealed code could perform data exfiltration, remote commands, or covert tracking once unpacked. Treat as a high-security risk and remove or isolate until a controlled deobfuscation and behavioral analysis confirm benign intent.

The code is highly suspicious and poses a severe security risk due to its behavior of collecting sensitive system information and sending it to a remote server, which could potentially be used for malicious purposes such as unauthorized access or data theft.

Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.

This file contains an intentionally concealed Python payload (base64 + zlib) which is decoded and executed immediately via exec at import time. That pattern prevents effective static auditing and creates significant supply-chain risk because any behavior in the hidden payload will run with the importing process privileges. Without decoding the blob, the exact behavior cannot be determined from this file alone. Treat as suspicious: extract and audit the payload in a safe sandbox before use.

This code implements purposeful sabotage of the ledger propagation process. For early slots it forges the last entry's hash and broadcasts/storage-duplicates a corrupted last shred while preserving the correct shred locally and revealing it only after a configured delay. The timing and 'is_last' manipulation force peer validators into repair behavior and can cause verification failures and denial-of-service or consensus disruption. This is a high-risk, protocol-level backdoor and should be treated as malicious. Avoid deploying or accepting this code in any validator or production supply chain.

The code contains a severe security vulnerability by establishing a reverse shell connection, which indicates malicious intent. This allows unauthorized remote access to the system.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The code exhibits significant risks related to data theft and unauthorized access due to its handling of user credentials and session management. The presence of hardcoded credentials and cookie manipulation further raises concerns about malicious intent.

Live on npm for 3 hours and 44 minutes before removal. Socket users were protected even while the package was live.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This module embeds and immediately executes an obfuscated payload (Base64 + zlib) via exec at import time. That is a significant supply-chain and runtime risk: it prevents source review and allows arbitrary actions with the importing process's privileges. Treat the package as untrusted until the decompressed payload is examined in a safe environment. Do not import or run this module in a production or sensitive environment until the payload is decoded and audited.

This module is an exploit: it constructs and attempts to deliver a buffer overflow attack against an FTP server by sending a specially crafted USER command containing hardcoded shellcode and an EIP overwrite. It reads the remote target from ~/config.cfg and requires operator confirmation to execute. Treat this file as malicious/hostile: do not run, remove from trusted packages, and investigate how it entered the codebase.

The code is highly obfuscated and explicitly surfaces sensitive data (webhook URL and Discord token) through a runtime deobfuscation process tied to a PyZ/pyc payload. While not showing direct network I/O in this fragment, the exposed data and the deliberate concealment strongly suggest malicious intent or high security risk within a supply-chain context. Remediation should include removing embedded credentials, preventing dynamic deobfuscation of secrets, and auditing downstream usage of webhooks and tokens.

This obfuscated zhihu.js payload overwrites and proxies virtually every major browser interface (Window, Document, Navigator, Storage, Canvas, WebGL, etc.) to hide real environment values and intercept user data. It redefines document.cookie to accumulate a hidden cookie string and proxies localStorage/sessionStorage to capture all data writes. It hijacks postMessage/MessageChannel and injects webpack-style chunk loaders, enabling stealthy data channels. An exported `encrypt(e)` function computes “2.0_”+MD5(e) via a hidden window.yang pathway, likely used to fingerprint or exfiltrate input values. The code also performs dynamic `eval` in a runtime switch-case, opening arbitrary code execution. Static assets are loaded from zhihu-related domains (static[.]zhihu[.]com, zhihu[.]com, pica[.]zhimg[.]com, pic1[.]zhimg[.]com, picx[.]zhimg[.]com), suggesting a malicious extension that mimics legitimate UI while capturing and leaking data. Treat as high-risk malware.

The script is designed to send critical system information and environment variables to an external server, which is highly suspicious and indicative of malicious behavior.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This code is an orchestration module that intentionally performs Man-in-the-Middle attacks (ARP spoofing, DNS spoofing, HTTP traffic modification) and modifies system iptables to redirect packets to user-space handlers. It is malicious in intent or at minimum a powerful offensive tool that can be abused for unauthorized interception and tampering of network traffic. It should not be used on networks or hosts without explicit authorization; as distributed code it represents a high-risk component.

The code fragment appears to be a highly obfuscated loader with embedded payload handling and dynamic execution capabilities. Anti-tamper checks, heavy IL emission, unmanaged interop, and cryptographic payload decryption strongly suggest concealment of behavior beyond a straightforward BIM-Fbx converter. While no explicit network exfiltration is evident in this fragment, the combination of patterns indicates a substantial security risk in a supply-chain context. Treat as high-risk pending full artifact review, verify publisher provenance, and consider re-packaging with transparent, verifiable builds or removing obfuscation.

This fragment implements a location-exfiltration agent: it reads a JSON config over a TCP socket, subscribes to device GPS/Network location updates, and streams detailed location JSON back over the socket. There is no obfuscation or dynamic code execution, but the behavior is privacy invasive and matches a backdoor/spyware pattern (continuous location exfiltration). Whether it is malicious depends on the intended use and who can connect to the socket, but from a supply-chain/security standpoint this is high-risk functionality and should be treated with suspicion and reviewed/blocked unless explicitly required and audited.

The code is largely a legitimate balance UI component, but contains a clearly malicious/unauthorized insertion: a timed routine that produces political/propaganda content and calls alert(...) and window.open(...) to open external URLs (including a .onion BBC mirror and a change.org petition). This is a supply-chain compromise or deliberate malicious insertion unrelated to the component's purpose and should be treated as malicious. Additionally, the component sends session identifiers (X-SessionId) to the endpoint and SSE URL provided by props — normal for the component but a sensitive sink: if the endpoint is attacker-controlled (for example via tampered attributes or malicious configuration), session tokens could be exfiltrated. Remediation: do not use this package version; remove or revert the injected alert/window.open code; audit the dependency source (git history, package publisher); ensure endpoints are trusted and session tokens are not sent to unknown domains. Consider rotating any session tokens used while this compromised component may have been in use.

The code is a stealthy launcher for a potentially sensitive Node.js script. The immediate code is benign as a launcher, but the overall risk depends on extract-tokens.js’s behavior. Prioritize reviewing the invoked script for token access, credential handling, or data exfiltration. The Windows-only silencing increases stealth potential.

This endpoint executes user-provided JavaScript with insufficient isolation. Although the code is not itself obfuscated or explicitly malicious, the design enables remote code execution, data exfiltration and sandbox escapes via well-known vm/context bridging techniques and prototype/constructor abuse. Key risks: untrusted script execution in vm without removing dangerous globals, passing host objects into untrusted code, invoking vm-defined functions from host without time/resource limits, and returning whatever the script can access to an external caller. Recommended mitigations: run untrusted code in a separate restricted process or container with least privilege, do not pass host objects into the sandbox, remove or replace dangerous globals and constructors, freeze prototypes, execute the returned function inside the vm with enforced timeouts or in the isolated process, and strictly validate/whitelist allowed operations. Treat this code path as high-risk for server-side code execution and data leakage until stronger isolation is implemented.

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

A script within the flagged file issues a request to grabify[.]link/CYE8J9, a domain often used for link tracking or phishing-like behavior. This request could be employed for data exfiltration, installing unauthorized software, or other malicious purposes.

Live on npm for 75 days, 7 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This module contains clear capabilities for reconnaissance (host/IP/MAC), sensitive-data capture (screenshots, filesystem zipping), data exfiltration (uploads to up.ufile.io and proxying Telegram calls via an external web form), and a remote command channel (Telegram GetUpdates via proxy). These features are typical of malware (RAT/botnet client) and present a high security risk. The code also contains implementation bugs but that does not mitigate the malicious intent. The package should be treated as malicious and not used.

This Python module uses ctypes.CDLL to load a native library from a hidden “__pycache__/Backward[.]dll”, calls functions such as IsNotOlderOS and several namespace getters, and then unconditionally deletes its own source file via os.remove(__file__). Such self-deletion is a known anti-analysis technique intended to erase evidence after execution. Additionally, the file contains malformed UUID routines, undefined variables, and inconsistent logic—hallmarks of obfuscation or sabotage. Although no external network connections or domains are present in the snippet, the dynamic native code loading and self-erasure pose a severe supply-chain and runtime compromise risk.

Live on pypi for 36 minutes before removal. Socket users were protected even while the package was live.

The fragment is a highly obfuscated, packer-like JavaScript payload that executes via an eval-based loader. This pattern is strongly associated with malware/backdoors or aggressively obfuscated adware. Although explicit malicious actions are not visible in the static surface, the runtime-revealed code could perform data exfiltration, remote commands, or covert tracking once unpacked. Treat as a high-security risk and remove or isolate until a controlled deobfuscation and behavioral analysis confirm benign intent.

The code is highly suspicious and poses a severe security risk due to its behavior of collecting sensitive system information and sending it to a remote server, which could potentially be used for malicious purposes such as unauthorized access or data theft.

Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.

This file contains an intentionally concealed Python payload (base64 + zlib) which is decoded and executed immediately via exec at import time. That pattern prevents effective static auditing and creates significant supply-chain risk because any behavior in the hidden payload will run with the importing process privileges. Without decoding the blob, the exact behavior cannot be determined from this file alone. Treat as suspicious: extract and audit the payload in a safe sandbox before use.

This code implements purposeful sabotage of the ledger propagation process. For early slots it forges the last entry's hash and broadcasts/storage-duplicates a corrupted last shred while preserving the correct shred locally and revealing it only after a configured delay. The timing and 'is_last' manipulation force peer validators into repair behavior and can cause verification failures and denial-of-service or consensus disruption. This is a high-risk, protocol-level backdoor and should be treated as malicious. Avoid deploying or accepting this code in any validator or production supply chain.

The code contains a severe security vulnerability by establishing a reverse shell connection, which indicates malicious intent. This allows unauthorized remote access to the system.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The code exhibits significant risks related to data theft and unauthorized access due to its handling of user credentials and session management. The presence of hardcoded credentials and cookie manipulation further raises concerns about malicious intent.

Live on npm for 3 hours and 44 minutes before removal. Socket users were protected even while the package was live.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This module embeds and immediately executes an obfuscated payload (Base64 + zlib) via exec at import time. That is a significant supply-chain and runtime risk: it prevents source review and allows arbitrary actions with the importing process's privileges. Treat the package as untrusted until the decompressed payload is examined in a safe environment. Do not import or run this module in a production or sensitive environment until the payload is decoded and audited.

This module is an exploit: it constructs and attempts to deliver a buffer overflow attack against an FTP server by sending a specially crafted USER command containing hardcoded shellcode and an EIP overwrite. It reads the remote target from ~/config.cfg and requires operator confirmation to execute. Treat this file as malicious/hostile: do not run, remove from trusted packages, and investigate how it entered the codebase.

The code is highly obfuscated and explicitly surfaces sensitive data (webhook URL and Discord token) through a runtime deobfuscation process tied to a PyZ/pyc payload. While not showing direct network I/O in this fragment, the exposed data and the deliberate concealment strongly suggest malicious intent or high security risk within a supply-chain context. Remediation should include removing embedded credentials, preventing dynamic deobfuscation of secrets, and auditing downstream usage of webhooks and tokens.