⚠️September 5, 2023: This appears to be an ongoing campaign with additional packages published. The package timeline table has been updated to reflect this.
Phylum has been extremely busy in the past few weeks, reporting on
On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a
On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and
Phylum routinely identifies malware and other software supply chain attacks targeting high-value, critical assets: an organization’s software developers. Most recently, we’ve reported on a flurry of sophisticated attacks targeting JavaScript developers, respawning malware on
