poper-react-sdk
MAL-2025-190856
npmmalware11/24/2025
Description
Malicious code in poper-react-sdk (npm)
Indicators of Compromise
SHA256 Hashes (4)
2c3b77a8909da7a5fe13a2fba433147468dfa75dee206eaa996325423e382445
ee86d01d82c77cc7c83c6d28159deba7fa26192da0ab69659d92f78f4d41cd60
01f8de154068722826b878e93063542da3e690cb8345f4f5a196436c1ec6c9af
1c5013c4fb85f1f29a31da9766575554a40106bf6c3e8ce6956a651919c57c37
References (4)
https://github.com/advisories/GHSA-vjcj-rxjp-6jmrOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-vjcj-rxjp-6jmr
Quick Actions