malware npm
@Schedaero/shared
discovered 2026-02-25@Schedaero/shared is identified in the SafeDep analysis "Malicious npm Packages Target Schedaero via Dependency Confusion". A detailed analysis of a dependency confusion supply chain attack likely targeting Schedaero, a leading aviation software company. We dissect the payload, the exfiltration mechanism, and the indicators of compromise.
Threat types
credential_stealer data_exfiltration rat persistence dependency_confusion
Malicious versions
- 99440.540.1
Campaigns
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
- ttp T1036 Masqueradinguses
- ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
- ttp T1041 Exfiltration Over C2 Channeluses
- ttp T1105 Ingress Tool Transferuses
- ttp T1071.001 Application Layer Protocol: Web Protocolsuses
- ttp T1546 Event Triggered Executionuses
