Open-source atomic malware analysis

Analyze another

react-icons-svgo 1.5.3

NPM
Verdict: HOSTILE
AI Obfuscated install hook installs malicious plugin
Mal-ecule
K(Mc)O(S₄)H₄(CmDbFPo₄)Md₂(Pa₄)
Size 4.4 KB download
First seen 15 days ago
Analyzed 15 days ago
Package pkg:npm/[email protected]
Ecosystem javascript
Also detected by 2 sources

Loading file contents…

Loading traits…

Identity

SHA-256 46ecdd04fbdc2f905d1aa9358b5deec7e7c49de1bd65447710f60fbc0db0ab40
Canonical SHA-256 203db3200341a61cc3ae4b9c0d3369bfe9ee5aab3f1a12cac850810b851ef945
Filename react-icons-svgo-1.5.3.tgz
Package react-icons-svgo
Version 1.5.3
PURL pkg:npm/[email protected]

Origin

Source forager
Feed aikido.dev
Ecosystem javascript
Domain npmjs.org
URL https://registry.npmjs.org/react-icons-svgo/-/react-icons-svgo-1.5.3.tgz

Timeline

First seen 27 Jun 2026 23:06 UTC
First analyzed 27 Jun 2026 23:08 UTC
Last analyzed 27 Jun 2026 23:08 UTC
Last updated 28 Jun 2026 03:58 UTC

Labeling

Label bad
Label source forager
Traits version 46112