@ifings/metatron3
MAL-2025-191237
npmmalware11/24/2025
Description
Malicious code in @ifings/metatron3 (npm)
Indicators of Compromise
SHA256 Hashes (3)
32984c7e7dc62a168272965bee90eba2be340a02754656dd5380fc2973cf707f
57ba1946b2032e3447a1d15f563094b9a3d4a731bbda2ec8a3a19fd06403da80
57a921621636af2528839f2d43e08f7a4c7e22700050cf93eae192678f899ef3
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-6wc8-6mq8-g895OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-6wc8-6mq8-g895
Quick Actions