capacitor-plugin-scgssigninwithgoogle
MAL-2025-190765
npmmalware11/24/2025
Description
Malicious code in capacitor-plugin-scgssigninwithgoogle (npm)
Indicators of Compromise
SHA256 Hashes (3)
4525f68cbed421748f3df761fdcb83a7977e7a307a47bcddf47cbbf6a0ca547e
9b87f31a2266c9633975e61214361882324c01060c614e04b15ac2e3a570fe6f
9a1c6537a8d1421886264b4e0dec318f21e88818a0fa66136f9e4281f29ffa71
References (4)
https://github.com/advisories/GHSA-j9cw-mx5f-7vpvOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-j9cw-mx5f-7vpv
Quick Actions