@ensdomains/ccip-read-worker-viem
MAL-2025-190725
npmmalware11/24/2025
Description
Malicious code in @ensdomains/ccip-read-worker-viem (npm)
Indicators of Compromise
SHA256 Hashes (4)
7f1bb2155c329c533747095a843514e71c518ee8ad24adc976516564dd4605a9
57b104a492d5893772494de67a98f0114e695a8d24e0444d12d0963029fc4b32
b162fbb0647ca930b4ec8594d4317ce91970c3b905ae4a904f4b4034a92db181
9ca84514150232e25a61bdecf7a00797cd9c2e80056b35159603da3322b321ba
References (4)
https://github.com/advisories/GHSA-g8cp-w9cm-p948OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-g8cp-w9cm-p948
Quick Actions