Moshe Siman Tov Bustan(@MosheTov):🚨 NPM Malware-slop Alert!🚨 We detected and reported a malware-slop package to npm - the malware uses it's OWN PRIVATE GitHub token, which is EMBEDDED INSIDE the malware itself - to read sensitive information and upload it to the threat actor's GitHub repository. The malware is still live on npm - https://t.co/uH8mU1a4dw The threat actor's GitHub page was opened 5h ago - https://t.co/WhqZ6BaLRM Detailed report will be published tomorrow.

Moshe Siman Tov Bustan

@MosheTov

Security Research Team Lead @OX__Security Guitars @CompileBand 23x CVEs 3x Conference Talks

Joined October 2013

485 Following 868 Followers

Moshe Siman Tov Bustan@MosheTov

2026.05.26 19:06

🚨 NPM Malware-slop Alert!🚨 We detected and reported a malware-slop package to npm - the malware uses it's OWN PRIVATE GitHub token, which is EMBEDDED INSIDE the malware itself - to read sensitive information and upload it to the threat actor's GitHub repository. The malware is still live on npm - The threat actor's GitHub page was opened 5h ago - Detailed report will be published tomorrow.