quickswap-ads-list
MAL-2025-191404
npmmalware11/25/2025
Description
Malicious code in quickswap-ads-list (npm)
Indicators of Compromise
SHA256 Hashes (3)
750084574526f0f7b169de5fd72fc30191579d4d9c0f3aee0e093cff709d7f37
7a51e9188f2b9786cc34efba72bae1dbcf1b659db890a4b5d133a8b94ea60c13
ce1540a2660a781727df79ba662b2337f659aae8ec32454decc5c59412ce2914
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-6p37-f5x8-p8fhOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-6p37-f5x8-p8fh
Quick Actions