logo

Velora (formerly ParaSwap) SDK Version 9.4.1 Compromised And Installing Malware

ID: 164e05d3-d3a9-5869-b9e4-35f2e080c574

STIX ID: report--164e05d3-d3a9-5869-b9e4-35f2e080c574

Feed Name: OpenSourceMalware Blog

Threat Score
80/100

Date Published: 2026-04-08

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

This report documents a supply-chain compromise in the npm package @velora-dex/sdk v9.4.1 where a base64-encoded payload in package/dist/index.js decodes and runs a curl-downloaded shell script from http://89.36.224.5/troubleshoot/mac/install.sh, enabling silent background execution, persistence via nohup, and arbitrary code execution; version 9.4.2 removed the malicious code and the report includes IoCs, detection commands, remediation guidance, and secure development recommendations.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.