@ensdomains/subdomain-registrar
MAL-2025-190812
npmmalware11/24/2025
Description
Malicious code in @ensdomains/subdomain-registrar (npm)
Indicators of Compromise
SHA256 Hashes (4)
5a8bbc5751d5df4950e6276acee56cd7c6e77067ab50b19e5f65a5b8e1f0bc4a
401414959edb6c3fa49058cca521272f84ed2c1e5aef8d7cacadb50696789ba5
31a568985b248d05ca367f19d12ed1dabc6cafa55ff9b13d4d41fa172d395f6b
bccf3e2efb0bb45a910c0baf52766e3dbe7b3da9d7592d9b55016dd22e923656
References (4)
https://github.com/advisories/GHSA-8fxj-7qgm-q65wOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-8fxj-7qgm-q65w
Quick Actions