malware npm

zredis-typed

discovered 2026-05-26

zredis-typed is a Wave 4 package in the forge-jsx RAT campaign, published by donimique ([email protected]) on 2026-07-05, 30 minutes after zod-pino444 v1.0.131. Only known version. Uses the same rotated AES key as zod-pino434, zod-pino444, and pinokio-redis (byte-identical deploymentCipherData.js -- single shared build). C2 config decrypts to publicHost 212.193.3.61, relayPort 9877, apiPort 8765, defaultExplorerPassword 'secret'. Durable directory hardcoded as .forge-jsxy. README.md is literally titled '# forge-jsx'.

Threat types

rat credential_stealer data_exfiltration persistence c2_agent crypto_drainer

Malicious versions

  • 1.0.127 · a1853a45bcb561f9…

Campaigns

Indicators

Techniques

Read the full analysis →