drop-events-on-property-plugin
MAL-2025-191394
npmmalware11/25/2025
Description
Malicious code in drop-events-on-property-plugin (npm)
Indicators of Compromise
SHA256 Hashes (3)
7491735851cc3c4e363b579ed9a0e6365134a2efa15061fb22c6fed56bb98332
9ec0ea7d31f1e0fec815bf2b3893bc6e320c5c3e309b43d22130d5af8a52a033
718b654dca46082bb92d4511ff45044cead3f14493b0fde276c29dd24e66d81b
References (8)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://socket.dev/blog/shai-hulud-strikes-again-v2OSVhttps://checkmarx.com/zero-post/shai-huluds-second-coming-npm-malware-attack-evolvedOSVhttps://www.veracode.com/blog/return-of-the-shai-hulud-wormOSVhttps://www.reversinglabs.com/blog/another-shai-hulud-npm-worm-is-spreading-heres-what-you-need-to-knowOSVhttps://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Quick Actions