@productdevbook/chatwoot
MAL-2025-191303
npmmalware11/25/2025
Description
Malicious code in @productdevbook/chatwoot (npm)
Indicators of Compromise
SHA256 Hashes (3)
6205073631f663aeb7edaf1d49471d5ee2359aaad0a737800b85322ac90149c0
d35c827686c294c2d41c32b3d1fd54a2bcf95b8f430812eff447277aa85a26d6
bda41100770824c109d5241de77b76c8a44d3ce71c841114d5f1d02131041ae0
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-hc3f-8qvq-qr3vOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-hc3f-8qvq-qr3v
Quick Actions