Malicious npm package executing base64-decoded shell command to download and run stage-2 payload from C2 server (89.36.224.5) targeting macOS
-= Per source details. Do not edit below this line.=-
The package @velora-dex/sdk was found to contain malicious code.
9.4.1Exploitability
AV:NAC:LPR:NUI:NScope
S:CImpact
C:HI:HA:H10.0/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H