malware
npm
@thymelab/logfx
discovered 2026-06-23Campaign member, masquerades as a logger utility. Version 2.15.5 ships a 282KB obfuscated payload (dist/bootstrap.js) auto-executed via postinstall 'node dist/bootstrap.js'. Same execution wrapper and payload template as the root lineage.
Threat types
credential_stealer data_exfiltration persistence typosquat
Malicious versions
- 2.15.5 · e0c0a4156bc957fd…