Exfiltration Over C2 Channel
Collected credentials, files, or host data are sent to attacker-controlled infrastructure.
discovered 2025-08-12
Seen in packages
- pypibitensoruses
- pypibittenso-cliuses
- pypiqbittensoruses
- pypibittensouses
- npmnxuses
- npm@nx/jsuses
- npmansi-stylesuses
- npmdebuguses
- npmchalkuses
- npmsupports-coloruses
- npmstrip-ansiuses
- npmansi-regexuses
- npmwrap-ansiuses
- npmcolor-convertuses
- npmcolor-nameuses
- npmis-arrayishuses
- npmslice-ansiuses
- npmerror-exuses
- npmcolor-stringuses
- npmsimple-swizzleuses
- npmsupports-hyperlinksuses
- npmhas-ansiuses
- npmchalk-templateuses
- npmbackslashuses
- npm@ctrl/tinycoloruses
- npm@zapier/zapier-sdkuses
- npm@asyncapi/specsuses
- npm@quick-start-soft/quick-markdown-printuses
- npm@quick-start-soft/quick-markdownuses
- npm@quick-start-soft/quick-remove-image-backgrounduses
- npm@quick-start-soft/quick-git-clean-markdownuses
- npm@quick-start-soft/quick-document-translatoruses
- npm@quick-start-soft/quick-markdown-imageuses
- npm@quick-start-soft/quick-task-refineuses
- npm@asyncapi/modelinauses
- npmposthog-react-nativeuses
- npmposthog-nodeuses
- npm@postman/secret-scanner-wasmuses
- npm@postman/csv-parseuses
- npm@postman/node-keytaruses
- npm@postman/tunnel-agentuses
- npm@postman/wdio-allure-reporteruses
- npm@postman/postman-mcp-cliuses
- npm@postman/mcp-ui-clientuses
- npm@postman/wdio-junit-reporteruses
- npm@postman/pm-bin-macos-arm64uses
- npm@postman/pm-bin-linux-x64uses
- npm@postman/aether-iconsuses
- npm@Schedaero/shareduses
- npmpino-sdk-v2uses
- npmreact-refresh-updateuses
- pypilitellmuses
- npmoc-aa-module-clientuses
- npm@wame/ngx-adfsuses
- npm@the-coca-cola-company/ngps-global-common-utilsuses
- npmcr-static-shared-componentsuses
- npm@ceeferenderer/fe-renderer-sdkuses
- pypitelnyxuses
- npmexpress-session-jsuses
- npmmgcuses
- pypihermes-pxuses
- npm@fairwords/websocketuses
- npm@fairwords/loopback-connector-esuses
- npm@fairwords/encryptionuses
- npm@velora-dex/sdkuses
- npmsjs-bigintegeruses
- npmsjs-lint-build1uses
- npmbjs-bigintegeruses
- npmbjs-lint-builderuses
- npmbjs-lint-buildersuses
- npmcjs-bigintegeruses
- npmts-lint-buildsuses
- npmdom-utils-liteuses
- npmcentraloggeruses
- npmforge-jsxuses
- npm@johntaohunter/forge-jsxuses
- npmjs-logger-packuses
- npmixpresso-coreuses
- npmgodsplanuses
- npmeyevoxuses
- npm@cap-js/sqliteuses
- npm@cap-js/postgresuses
- npm@cap-js/db-serviceuses
- npmmbtuses
- npmnpm-global-utiluses
- npmredeem-onchain-sdkuses
- pypipytorch-lightninguses
- npmexioussuses
- npmcommon-tg-serviceuses
- npmnode-env-resolveuses
- npmnoon-contractsuses
- npm@tanstack/arktype-adapteruses
- npm@tanstack/eslint-plugin-routeruses
- npm@tanstack/eslint-plugin-startuses
- npm@tanstack/historyuses
- npm@tanstack/nitro-v2-vite-pluginuses
- npm@tanstack/react-routeruses
- npm@tanstack/react-router-devtoolsuses
- npm@tanstack/react-router-ssr-queryuses
- npm@tanstack/react-startuses
- npm@tanstack/react-start-clientuses
- npm@tanstack/react-start-rscuses
- npm@tanstack/react-start-serveruses
- npm@tanstack/router-cliuses
- npm@tanstack/router-coreuses
- npm@tanstack/router-devtoolsuses
- npm@tanstack/router-devtools-coreuses
- npm@tanstack/router-generatoruses
- npm@tanstack/router-pluginuses
- npm@tanstack/router-ssr-query-coreuses
- npm@tanstack/router-utilsuses
- npm@tanstack/router-vite-pluginuses
- npm@tanstack/solid-routeruses
- npm@tanstack/solid-router-devtoolsuses
- npm@tanstack/solid-router-ssr-queryuses
- npm@tanstack/solid-startuses
- npm@tanstack/solid-start-clientuses
- npm@tanstack/solid-start-serveruses
- npm@tanstack/start-client-coreuses
- npm@tanstack/start-fn-stubsuses
- npm@tanstack/start-plugin-coreuses
- npm@tanstack/start-server-coreuses
- npm@tanstack/start-static-server-functionsuses
- npm@tanstack/start-storage-contextuses
- npm@tanstack/valibot-adapteruses
- npm@tanstack/virtual-file-routesuses
- npm@tanstack/vue-routeruses
- npm@tanstack/vue-router-devtoolsuses
- npm@tanstack/vue-router-ssr-queryuses
- npm@tanstack/vue-startuses
- npm@tanstack/vue-start-clientuses
- npm@tanstack/vue-start-serveruses
- npm@tanstack/zod-adapteruses
- npmnode-ipcuses
- npm@antv/a8uses
- npm@antv/adjustuses
- npm@antv/algorithmuses
- npm@antv/async-hookuses
- npm@antv/attruses
- npm@antv/avauses
- npm@antv/ava-reactuses
- npm@antv/awardsuses
- npm@antv/calendar-heatmapuses
- npm@antv/chart-linteruses
- npm@antv/chart-node-g6uses
- npm@antv/chart-visualization-skillsuses
- npm@antv/ckbuses
- npm@antv/color-schemauses
- npm@antv/color-utiluses
- npm@antv/componentuses
- npm@antv/coorduses
- npm@antv/d3-coloruses
- npm@antv/d3-interpolateuses
- npm@antv/data-samplesuses
- npm@antv/data-setuses
- npm@antv/data-wizarduses
- npm@antv/dipper-componentuses
- npm@antv/dipper-hooksuses
- npm@antv/dipper-mapuses
- npm@antv/dom-utiluses
- npm@antv/dumi-theme-antvuses
- npm@antv/dw-analyzeruses
- npm@antv/dw-randomuses
- npm@antv/dw-transformuses
- npm@antv/dw-utiluses
- npm@antv/event-emitteruses
- npm@antv/expruses
- npm@antv/f2uses
- npm@antv/f2-algorithmuses
- npm@antv/f2-canvasuses
- npm@antv/f2-contextuses
- npm@antv/f2-graphicuses
- npm@antv/f2-myuses
- npm@antv/f2-reactuses
- npm@antv/f2-siteuses
- npm@antv/f2-vueuses
- npm@antv/f2-wordclouduses
- npm@antv/f2-wxuses
- npm@antv/f6uses
- npm@antv/f6-alipayuses
- npm@antv/f6-coreuses
- npm@antv/f6-elementuses
- npm@antv/f6-hammerjsuses
- npm@antv/f6-pluginuses
- npm@antv/f6-uiuses
- npm@antv/f6-wxuses
- npm@antv/f-chartsuses
- npm@antv/f-engineuses
- npm@antv/f-lottieuses
- npm@antv/f-myuses
- npm@antv/f-reactuses
- npm@antv/f-test-utilsuses
- npm@antv/f-vueuses
- npm@antv/f-wxuses
- npm@antv/g2uses
- npm@antv/g2-brushuses
- npm@antv/g2-extension-3duses
- npm@antv/g2-extension-avauses
- npm@antv/g2-extension-plotuses
- npm@antv/g2plotuses
- npm@antv/g2plot-schemasuses
- npm@antv/g2-plugin-slideruses
- npm@antv/g2-ssruses
- npm@antv/guses
- npm@antv/g6uses
- npm@antv/g6-alipayuses
- npm@antv/g6-cliuses
- npm@antv/g6-coreuses
- npm@antv/g6-editoruses
- npm@antv/g6-elementuses
- npm@antv/g6-extension-3duses
- npm@antv/g6-extension-reactuses
- npm@antv/g6-mobileuses
- npm@antv/g6-pcuses
- npm@antv/g6-pluginuses
- npm@antv/g6-plugin-map-viewuses
- npm@antv/g6-pluginsuses
- npm@antv/g6-react-nodeuses
- npm@antv/g6-ssruses
- npm@antv/g6-wxuses
- npm@antv/gatsby-themeuses
- npm@antv/g-baseuses
- npm@antv/g-camera-apiuses
- npm@antv/g-canvasuses
- npm@antv/g-canvaskituses
- npm@antv/g-compatuses
- npm@antv/g-componentsuses
- npm@antv/g-css-layout-apiuses
- npm@antv/g-css-typed-om-apiuses
- npm@antv/g-device-apiuses
- npm@antv/g-dom-mutation-observer-apiuses
- npm@antv/geo-coorduses
- npm@antv/g-gestureuses
- npm@antv/gi-assets-advanceuses
- npm@antv/gi-assets-algorithmuses
- npm@antv/gi-assets-basicuses
- npm@antv/gi-assets-galaxybaseuses
- npm@antv/gi-assets-graphscopeuses
- npm@antv/gi-assets-hugegraphuses
- npm@antv/gi-assets-janusgraphuses
- npm@antv/gi-assets-neo4juses
- npm@antv/gi-assets-sceneuses
- npm@antv/gi-assets-tugraphuses
- npm@antv/gi-assets-tugraph-analyticsuses
- npm@antv/gi-assets-xlabuses
- npm@antv/gi-cliuses
- npm@antv/gi-common-componentsuses
- npm@antv/g-image-exporteruses
- npm@antv/gi-mock-datauses
- npm@antv/gi-public-datauses
- npm@antv/gi-sdkuses
- npm@antv/gi-sdk-appuses
- npm@antv/gi-theme-antduses
- npm@antv/github-config-cliuses
- npm@antv/g-layout-blocklikeuses
- npm@antv/g-liteuses
- npm@antv/gl-matrixuses
- npm@antv/g-lottie-playeruses
- npm@antv/g-mathuses
- npm@antv/g-mobileuses
- npm@antv/g-mobile-canvasuses
- npm@antv/g-mobile-canvas-elementuses
- npm@antv/g-mobile-svguses
- npm@antv/g-mobile-webgluses
- npm@antv/g-patternuses
- npm@antv/g-perfuses
- npm@antv/g-plugin-3duses
- npm@antv/g-plugin-a11yuses
- npm@antv/g-plugin-annotationuses
- npm@antv/g-plugin-box2duses
- npm@antv/g-plugin-canvaskit-rendereruses
- npm@antv/g-plugin-canvas-path-generatoruses
- npm@antv/g-plugin-canvas-pickeruses
- npm@antv/g-plugin-canvas-rendereruses
- npm@antv/g-plugin-controluses
- npm@antv/g-plugin-css-selectuses
- npm@antv/g-plugin-device-rendereruses
- npm@antv/g-plugin-dom-interactionuses
- npm@antv/g-plugin-dragndropuses
- npm@antv/g-plugin-gestureuses
- npm@antv/g-plugin-gpgpuuses
- npm@antv/g-plugin-html-rendereruses
- npm@antv/g-plugin-image-loaderuses
- npm@antv/g-plugin-matterjsuses
- npm@antv/g-plugin-mobile-interactionuses
- npm@antv/g-plugin-physxuses
- npm@antv/g-plugin-rough-canvas-rendereruses
- npm@antv/g-plugin-rough-svg-rendereruses
- npm@antv/g-plugin-svg-pickeruses
- npm@antv/g-plugin-svg-rendereruses
- npm@antv/g-plugin-webgl-deviceuses
- npm@antv/g-plugin-webgl-rendereruses
- npm@antv/g-plugin-webgpu-deviceuses
- npm@antv/g-plugin-yogauses
- npm@antv/g-plugin-zdog-canvas-rendereruses
- npm@antv/g-plugin-zdog-svg-rendereruses
- npm@antv/gpt-visuses
- npm@antv/gpt-vis-ssruses
- npm@antv/graphinuses
- npm@antv/graphin-componentsuses
- npm@antv/graphin-graphscopeuses
- npm@antv/graphin-iconsuses
- npm@antv/graphlibuses
- npm@antv/g-shader-componentsuses
- npm@antv/g-svguses
- npm@antv/g-web-animations-apiuses
- npm@antv/g-web-componentsuses
- npm@antv/g-webgluses
- npm@antv/g-webgl-computeuses
- npm@antv/g-webgpuuses
- npm@antv/g-webgpu-compileruses
- npm@antv/g-webgpu-coreuses
- npm@antv/g-webgpu-engineuses
- npm@antv/g-webgpu-raytraceruses
- npm@antv/g-webgpu-unitchartuses
- npm@antv/hierarchyuses
- npm@antv/infographicuses
- npm@antv/insight-componentuses
- npm@antv/interactionuses
- npm@antv/istanbuluses
- npm@antv/knowledgeuses
- npm@antv/l7uses
- npm@antv/l7-componentuses
- npm@antv/l7-composite-layersuses
- npm@antv/l7-coreuses
- npm@antv/l7-districtuses
- npm@antv/l7-drawuses
- npm@antv/l7-editoruses
- npm@antv/l7-extension-g-layeruses
- npm@antv/l7-layersuses
- npm@antv/l7-leafletuses
- npm@antv/l7-mapuses
- npm@antv/l7-mapkituses
- npm@antv/l7-mapsuses
- npm@antv/l7-miniuses
- npm@antv/l7-passuses
- npm@antv/l7plotuses
- npm@antv/l7plot-componentuses
- npm@antv/l7-reactuses
- npm@antv/l7-rendereruses
- npm@antv/l7-sceneuses
- npm@antv/l7-sourceuses
- npm@antv/l7-threeuses
- npm@antv/l7-utilsuses
- npm@antv/larkmapuses
- npm@antv/layout-gpuuses
- npm@antv/layout-wasmuses
- npm@antv/li-aiearth-assetsuses
- npm@antv/li-analysis-assetsuses
- npm@antv/li-core-assetsuses
- npm@antv/li-editoruses
- npm@antv/li-p2uses
- npm@antv/li-sam-assetsuses
- npm@antv/li-sdkuses
- npm@antv/lite-insightuses
- npm@antv/matrix-utiluses
- npm@antv/mcp-server-antvuses
- npm@antv/mcp-server-chartuses
- npm@antv/my-f2uses
- npm@antv/my-f2-pcuses
- npm@antv/narrative-text-editoruses
- npm@antv/narrative-text-schemauses
- npm@antv/narrative-text-visuses
- npm@antv/path-utiluses
- npm@antv/react-guses
- npm@antv/s2uses
- npm@antv/s2-reactuses
- npm@antv/s2-react-componentsuses
- npm@antv/s2-ssruses
- npm@antv/s2-vueuses
- npm@antv/samuses
- npm@antv/scaleuses
- npm@antv/semantic-release-pnpmuses
- npm@antv/smart-coloruses
- npm@antv/statuses
- npm@antv/t8uses
- npm@antv/thumbnailsuses
- npm@antv/thumbnails-componentuses
- npm@antv/torchuses
- npm@antv/translatoruses
- npm@antv/utiluses
- npm@antv/vendoruses
- npm@antv/vis-predict-engineuses
- npm@antv/webgpu-graphuses
- npm@antv/word-scale-chartuses
- npm@antv/wx-f2uses
- npm@antv/x6uses
- npm@antv/x6-angular-shapeuses
- npm@antv/x6-commonuses
- npm@antv/x6-componentsuses
- npm@antv/x6-geometryuses
- npm@antv/x6-plugin-clipboarduses
- npm@antv/x6-plugin-dnduses
- npm@antv/x6-plugin-exportuses
- npm@antv/x6-plugin-historyuses
- npm@antv/x6-plugin-keyboarduses
- npm@antv/x6-plugin-minimapuses
- npm@antv/x6-plugin-scrolleruses
- npm@antv/x6-plugin-selectionuses
- npm@antv/x6-plugin-snaplineuses
- npm@antv/x6-plugin-stenciluses
- npm@antv/x6-plugin-transformuses
- npm@antv/x6-reactuses
- npm@antv/x6-react-componentsuses
- npm@antv/x6-react-shapeuses
- npm@antv/x6-vectoruses
- npm@antv/x6-vue3-shapeuses
- npm@antv/x6-vue-shapeuses
- npm@antv/xflowuses
- npm@antv/xflow-coreuses
- npm@antv/xflow-diffuses
- npm@antv/xflow-extensionuses
- npm@antv/xflow-hookuses
- pypidurabletaskuses
- npmpolymarket-trading-cliuses
- npmpolymarket-terminaluses
- npmpolymarket-tradeuses
- npmpolymarket-auto-tradeuses
- npmpolymarket-copy-tradinguses
- npmpolymarket-botuses
- npmpolymarket-claude-codeuses
- npmpolymarket-ai-agentuses
- npmpolymarket-traderuses
Campaigns
- Bittensor Typosquat Campaignattributed-to
- s1ngularity nx Build System Compromiseattributed-to
- qix npm Account Compromiseattributed-to
- Shai-Huludattributed-to
- Enterprise Dependency Confusionattributed-to
- No Specific Campaignattributed-to
- TeamPCPattributed-to
- fairwords Credential Wormattributed-to
- big.js Typosquat SSH Backdoorattributed-to
- tanvisoul9 npm Backdoorsattributed-to
- fucktestpad npm Malwareattributed-to
- Mini Shai-Huludattributed-to
- Crypto Wallet Drainersattributed-to
- shetty123 Telegram Hijackattributed-to
