github_repo

InjectiveLabs/injective-ts

discovered 2026-07-09

Legitimate/VICTIM upstream repo (not attacker infrastructure). A trusted contributor's account here was compromised; attacker created a test-backdoor-check branch to validate push access before the payload commit. Compromised-version GitHub release artifacts remained downloadable on the Releases page at time of writing.

Linked packages

Read the full analysis →