twokey

MAL-2026-4697

npmmalware5/24/2026
Description

Malicious code in twokey (npm)

Indicators of Compromise
SHA256 Hashes (10)
20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd
3e99c99c6d68f67dc08105da452c97c94c708001192919dea62ce0e4a3a26559
5314d8f5cb1c73de1c6efffd1b055957a8f2dc78b1ea828a1c841eedd78a2a82
891e263399578e7ba6449fbd625f70eb93a3a6a4aa4d5cf05ad8db29bfa2292a
8eeb0ae7f4d322804acf874ab171cb8eb3c46327808556a80efcacafd61e343e
b517a8d7e82e030754a6f3e8796c273f94948d0f787427f41c10f06ac5f61d0c
40cc2b8b94b9497167993e2354800704b2d225bee157273eff906252edb889d4
884f25147369c250f3aae797c9d71a5a61d877dff3a23ad1fbf21ae8de0054c5
9d008afe51df3700da0e0a4c85d7c8e43aa4404076d4f4ef05c1956c220938aa
b186d392146b1d8ce3460080cc7889794fc0b9535f7af8c601b69d2a6c5009db
References (5)
https://www.npmjs.com/package/twokey/v/1.0.11OSVhttps://www.npmjs.com/package/twokey/v/1.0.5OSVhttps://www.npmjs.com/package/twokey/v/1.0.10OSVhttps://www.npmjs.com/package/twokey/v/1.0.7OSVhttps://www.npmjs.com/package/twokey/v/1.0.8OSV
Details
Ecosystemnpm
Attack Typemalware
Published5/24/2026
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001