malware npm
react-refresh-update
discovered 2026-03-16
react-refresh-update is identified in the SafeDep analysis "Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines".
Threat types
credential_stealer data_exfiltration typosquat
Malicious versions
- 1.0.0
- 1.0.1
- 1.0.2
- 1.0.3
- 1.0.4
- 2.0.5
Campaigns
Indicators
- domain malicanbur.pro (communicates-with)
- ipv4 31.220.48.155 (communicates-with)
- ipv4 173.211.46.22 (communicates-with)
- sha256 0be2375362227f846c56c4de2db4d3113e197f0c605c297a7e0e0c154e94464e (indicates)
- sha256 5196c3a832897e30c26da768379750bd3c886890e74d0f28a8921bbd19b553fc (indicates)
- email jaimeandujo086@gmail.com (exfiltrates-to)
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp T1036 Masquerading (uses)
- ttp T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp T1041 Exfiltration Over C2 Channel (uses)
- ttp T1105 Ingress Tool Transfer (uses)
- ttp T1071.001 Application Layer Protocol: Web Protocols (uses)
