malware npm

@thymelab/logfx

discovered 2026-06-23

Campaign member, masquerades as a logger utility. Version 2.15.5 ships a 282KB obfuscated payload (dist/bootstrap.js) auto-executed via postinstall 'node dist/bootstrap.js'. Same execution wrapper and payload template as the root lineage.

Threat types

credential_stealer data_exfiltration persistence typosquat

Malicious versions

  • 2.15.5 · e0c0a4156bc957fd…

Campaigns

Indicators

Techniques

Read the full analysis →