npm · Malicious package advisory
Malware · kiota-typescript
MAL-2025-68
Malicious code in kiota-typescript (npm)
Details
This package runs commands in a pre-install script that exfiltrate sensitive data to an attacker-controlled domain.
Compromised versions (1)
- 9.9.9
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.
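One way to check whether a project resolved the compromised version listed above, as an added example that is not part of the original advisory. It takes an already-parsed package-lock.json object; the sample lockfile and its other package names are constructed.

```javascript
// Package name, version and advisory id are taken from the advisory text.
const ADVISORY = { id: "MAL-2025-68", name: "kiota-typescript", versions: ["9.9.9"] };

// Return every lockfile entry that resolves to a compromised version.
// Handles lockfileVersion 2/3 ("packages" map keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
function findCompromised(lock, advisory = ADVISORY) {
  const hits = [];
  const bad = (name, version) =>
    name === advisory.name && advisory.versions.includes(version);

  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not an installed dependency
    // An explicit "name" field (present for aliased installs) wins over the path.
    const name = entry.name || path.split("node_modules/").pop();
    if (bad(name, entry.version)) {
      hits.push({ path, version: entry.version,
                  hasInstallScript: entry.hasInstallScript === true });
    }
  }

  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      // v1 lockfiles do not record install scripts, so report null (unknown).
      if (bad(name, entry.version)) {
        hits.push({ path, version: entry.version, hasInstallScript: null });
      }
      walk(entry.dependencies, path + "/");
    }
  };
  // v2 lockfiles carry both sections; walk "dependencies" only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (v3) with the compromised version nested under another package.
const SAMPLE_LOCK = {
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": { version: "1.3.0" },
    "node_modules/example-build-tool/node_modules/kiota-typescript":
      { version: "9.9.9", hasInstallScript: true },
  },
};
console.log(findCompromised(SAMPLE_LOCK));
```

A hit means the version was resolved into the dependency tree, including as a transitive dependency; any machine that ran an install from that lockfile falls under the guidance above.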