npm

@emcd-vue/loans

discovered 2026-06-01

Wave 3 dependency confusion package published by emcd-vue on 2026-06-01T07:05:43Z, 91 seconds after @emcd-vue/[email protected]. Identical infrastructure: same C2 endpoints (oob.moika.tech/payload, oob.moika.tech/report), same X-Secret, same payload filename (~/.emcd-vue_init.js), same User-Agent (emcd-vue-telemetry/1.0). Targets the @emcd-vue scope, impersonating EMCD's internal loan/lending modules.

Threat types

dependency_confusion credential_stealer data_exfiltration c2_agent persistence

Malicious versions

7.1.7

Campaigns

oob-moika-tech-depconf-2026attributed-to

Indicators

url https://oob.moika.tech/reportexfiltrates-to
domain oob.moika.techcommunicates-with
file_path ~/.emcd-vue_init.jsdrops

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1036 Masqueradinguses

Read the full analysis →