upload-to-play-store@1.0.2Malicious

Verified

Analysed at: 11/24/25, 10:22 AM

Source: https://registry.npmjs.org/upload-to-play-store/-/upload-to-play-store-1.0.2.tgz

SHA256: 7ae986aa69bc2cab82da9fe4ba16f3084a47db40071bb76b1221c7ed3937d9bc

Confidence: High

Summary

Note: This report is updated by a verification record

Suspicious preinstall script and bash persistence attempts indicate potential malware.

Verification Record

Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Details

Note: This report is updated by a verification record

The package exhibits multiple suspicious behaviors. The package.json includes a preinstall script that executes node setup_bun.js, which is flagged as suspicious. Both bun_environment.js and setup_bun.js trigger the bash_persist_persistent YARA rule, indicating potential attempts to modify bash startup files for persistence. The combination of these factors suggests malicious intent.

Summary

Note: This report is updated by a verification record

Suspicious preinstall script and bash persistence attempts indicate potential malware.

Verification Record

Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Details

Note: This report is updated by a verification record

upload-to-play-store@1.0.2Malicious

Verified

Analysed at: 11/24/25, 10:22 AM

Source: https://registry.npmjs.org/upload-to-play-store/-/upload-to-play-store-1.0.2.tgz

SHA256: 7ae986aa69bc2cab82da9fe4ba16f3084a47db40071bb76b1221c7ed3937d9bc

Confidence: High