SafeDep

Summary

Note: This report is updated by a verification record

Malicious package: a suspicious preinstall script executes arbitrary code, and the package attempts to access bash startup files for persistence.

Verification Record

Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Details

The package exhibits multiple suspicious behaviors. The package.json contains a preinstall script that executes node setup_bun.js, which is flagged as suspicious by the LLM. Both bun_environment.js and setup_bun.js access multiple bash startup files, indicating potential persistence attempts. The combination of these factors suggests malicious intent.

victoria-wallet-utils@0.1.1
Malicious, Verified
Analysed at: 11/24/25, 3:50 PM
Source: https://registry.npmjs.org/victoria-wallet-utils/-/victoria-wallet-utils-0.1.1.tgz
SHA256: 9bcd2d40ba0bd56be08222218a45635ce3890ec78ee5ab75ca83857a16dcff1a
Confidence: High