New Blog: Mini Shai-Hulud "Miasma" Hits @redhat-cloud-services: 32 Packages at Risk
Edit Calendar Icon 1 Jun 2026
SafeDep Logo
malware npm

js-digest

discovered 2026-06-11

Second-stage npm package used in the Atomic Arch wave-2 / later variant, installed via bun by trojanized AUR PKGBUILDs. Publisher herbsobering. Embeds a Linux ELF payload (SHA256 7883bda1ff15425f2dbe622c45a3ae105ddfa6175009bbf0b0cad9bf5c79b316). Subsequently removed from npm.

Threat types

credential_stealer data_exfiltration other

Malicious versions

  • *

Campaigns

Indicators

Techniques

Read the full analysis →