malware npm

@emcd-vue/b2b-pay-form

discovered 2026-06-01

Wave 3 dependency confusion package published by emcd-vue on 2026-06-01. Version not fully documented. Confirmed same npm account and scope; full version string not recovered in analysis. Operator stated 4 packages total across the wave; this is the fourth confirmed name.

more…

Threat types

dependency_confusion credential_stealer data_exfiltration c2_agent

Malicious versions

unknown

Campaigns

oob-moika-tech-depconf-2026attributed-to

Indicators

url https://oob.moika.tech/reportexfiltrates-to

Read the full analysis →