malware
npm
@bytemend/mfebus
discovered 2026-06-23Campaign member. Version 1.4.2 ships a ~277KB obfuscated payload (dist/bootstrap.js) auto-executed via postinstall 'node dist/bootstrap.js'. Latest 1.4.5 scrubbed to empty scripts. Same execution wrapper and javascript-obfuscator toolchain as the @apexcraft/nano-key root lineage.
Threat types
credential_stealer data_exfiltration persistence typosquat
Malicious versions
- 1.4.2 · 6b02aef19764aa5f…