Skip to content
supplychainattack.orgSupply chain attack incident catalog
activecritical

Malware in db-convertor

Malware discovered in the npm package db-convertor. Systems with this package installed or running should be considered fully compromised. All secrets and keys must be rotated from a different computer.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with db-convertor installed or running
Ecosystems
Attack vectors
Affected entities
  • db-convertor

The npm package db-convertor has been identified as containing malware. According to the GitHub advisory, any computer that has this package installed or running should be considered fully compromised.\n\nImmediate action is required: all secrets and keys stored on affected computers should be rotated immediately from a different, uncompromised system. The package should be removed, though full removal of all malicious software cannot be guaranteed given the potential for complete system compromise.\n\nThe advisory indicates that an outside entity may have gained full control of affected systems through this package.

Indicators of compromise

Packages
  • db-convertor

Remediation

  • Immediately rotate all secrets and keys from a different, uncompromised computer
  • Remove the db-convertor package from all affected systems
  • Conduct a full security audit of any system that had db-convertor installed
  • Consider the affected system(s) as potentially fully compromised and take appropriate incident response measures
  • Review system logs for any suspicious activity or unauthorized access
  • Assume that removing the package may not remove all malicious software; consider full system rebuild if critical systems are affected

Sources

  1. GitHub Advisory GHSA-p467-3jcx-48q5 · GitHub Advisory Database

Cite this entry

"Malware in db-convertor." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 2, 2026; last updated July 2, 2026. https://supplychainattack.org/incident/malware-in-db-convertor-i9go7c

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. resolvedcritical

    Malware in @modhamanish/rn-mm-template

    The npm package @modhamanish/rn-mm-template contained malware that provided full system compromise to attackers. Any computer with this package installed should be considered fully compromised and all secrets and keys rotated immediately.

    npmCompromised package
  2. containedcritical

    Malware in tailwind-animates

    Malware was discovered in the npm package tailwind-animates. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  3. activecritical

    Malware in vitest-agent

    Malware was discovered in the npm package vitest-agent. Systems with this package installed or running are considered fully compromised and require immediate remediation.

    npmCompromised package
  4. activecritical

    Malware in tailwind-typography-stylecss

    Malware discovered in the npm package tailwind-typography-stylecss. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package