Velora (formerly ParaSwap) SDK Version 9.4.1 Compromised And Installing Malware
ID: 164e05d3-d3a9-5869-b9e4-35f2e080c574
STIX ID: report--164e05d3-d3a9-5869-b9e4-35f2e080c574
Feed Name: OpenSourceMalware Blog
Date Published: 2026-04-08
Date Updated: 2026-06-20
Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2
This report documents a supply-chain compromise in the npm package @velora-dex/sdk v9.4.1 where a base64-encoded payload in package/dist/index.js decodes and runs a curl-downloaded shell script from http://89.36.224.5/troubleshoot/mac/install.sh, enabling silent background execution, persistence via nohup, and arbitrary code execution; version 9.4.2 removed the malicious code and the report includes IoCs, detection commands, remediation guidance, and secure development recommendations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
