npm

@cloudplatform-single-spa/billing

Representative package from the @cloudplatform-single-spa scope (122 packages total). All packages at version 99.99.99 published by mr.4nd3r50n on 2026-05-27T21:15 UTC. 120 carry active postinstall payloads; 2 are no-payload placeholders. Packages mirror internal cloud platform services: billing, VPC, Kubernetes, ML inference, IAM, certificate manager, object storage, VDI, bare metal servers, observability, and more.

discovered 2026-05-28

Threat types

dependency_confusioncredential_stealerdata_exfiltrationc2_agent

Malicious versions

99.99.99

Campaigns

oob-moika-tech-depconf-2026attributed-to

Indicators

domainoob.moika.techcommunicates-with
urlhttps://oob.moika.tech/reportexfiltrates-to
urlhttps://oob.moika.tech/payload/mac.jscommunicates-with
urlhttps://oob.moika.tech/payload/win.jscommunicates-with
urlhttps://oob.moika.tech/payload/linux.jscommunicates-with
file_path._cloudplatform-single-spa_init.jsdrops
domaintelemetry.cloudplatform-single-spa.iocommunicates-with
domainnpm.cloudplatform-single-spa.iocommunicates-with

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1041 Exfiltration Over C2 Channeluses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1036 Masqueradinguses
ttpT1105 Ingress Tool Transferuses
ttpT1546 Event Triggered Executionuses
ttpT1497 Virtualization/Sandbox Evasionuses
ttpREADME Telemetry Disclosure Social Engineeringuses

Read the full analysis →