Malware in db-convertor
Malware discovered in the npm package db-convertor. Systems with this package installed or running should be considered fully compromised. All secrets and keys must be rotated from a different computer.
- Disclosed
- Last updated
- Blast radius
- Any system with db-convertor installed or running
- Ecosystems
- Attack vectors
- Affected entities
- db-convertor
The npm package db-convertor has been identified as containing malware. According to the GitHub advisory, any computer that has this package installed or running should be considered fully compromised.\n\nImmediate action is required: all secrets and keys stored on affected computers should be rotated immediately from a different, uncompromised system. The package should be removed, though full removal of all malicious software cannot be guaranteed given the potential for complete system compromise.\n\nThe advisory indicates that an outside entity may have gained full control of affected systems through this package.
Indicators of compromise
- Packages
- db-convertor
Remediation
- Immediately rotate all secrets and keys from a different, uncompromised computer
- Remove the db-convertor package from all affected systems
- Conduct a full security audit of any system that had db-convertor installed
- Consider the affected system(s) as potentially fully compromised and take appropriate incident response measures
- Review system logs for any suspicious activity or unauthorized access
- Assume that removing the package may not remove all malicious software; consider full system rebuild if critical systems are affected
Sources
- GitHub Advisory GHSA-p467-3jcx-48q5 · GitHub Advisory Database
Cite this entry
"Malware in db-convertor." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 2, 2026; last updated July 2, 2026. https://supplychainattack.org/incident/malware-in-db-convertor-i9go7c
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- resolvedcritical
Malware in @modhamanish/rn-mm-template
The npm package @modhamanish/rn-mm-template contained malware that provided full system compromise to attackers. Any computer with this package installed should be considered fully compromised and all secrets and keys rotated immediately.
npmCompromised package - containedcritical
Malware in tailwind-animates
Malware was discovered in the npm package tailwind-animates. Systems with this package installed are considered fully compromised and require immediate remediation.
npmCompromised package - activecritical
Malware in vitest-agent
Malware was discovered in the npm package vitest-agent. Systems with this package installed or running are considered fully compromised and require immediate remediation.
npmCompromised package - activecritical
Malware in tailwind-typography-stylecss
Malware discovered in the npm package tailwind-typography-stylecss. Systems with this package installed are considered fully compromised and require immediate remediation.
npmCompromised package