Skip to content
supplychainattack.orgSupply chain attack incident catalog
containedcritical

Malware in evm-typechain

Malware was discovered in the npm package evm-typechain. Systems with this package installed or running are considered fully compromised and require immediate remediation including secret rotation and package removal.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with evm-typechain installed or running
Ecosystems
Attack vectors
Affected entities
  • evm-typechainnpm package

A malware incident was identified in the npm package evm-typechain, published as GitHub Advisory GHSA-c4gm-jp6q-h9hq on 2026-07-07.\n\nAccording to the advisory, any computer with this package installed or running should be considered fully compromised. The malware grants outside entities full control of affected systems.\n\nImmediate remediation requires rotating all secrets and keys from a different, uncompromised computer. While the package should be removed, complete removal of all malicious software cannot be guaranteed due to the level of system compromise achieved.\n\nAffected users should treat their systems as potentially containing persistent malware beyond the package itself.

Indicators of compromise

Packages
  • evm-typechain

Remediation

  • Immediately rotate all secrets, keys, and credentials from a different, uncompromised computer
  • Remove the evm-typechain package from all affected systems
  • Perform a full security audit and malware scan of any system that had evm-typechain installed
  • Review system logs and network traffic for signs of unauthorized access or data exfiltration
  • Consider full system reimaging if the system contained sensitive data or had privileged access
  • Notify any services or systems that may have been accessed using credentials stored on compromised machines

Sources

  1. GitHub Advisory GHSA-c4gm-jp6q-h9hq · GitHub Advisory Database

Cite this entry

"Malware in evm-typechain." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 7, 2026; last updated July 7, 2026. https://supplychainattack.org/incident/malware-in-evm-typechain-17etjx

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. activecritical

    Malware in some-theme

    Malware discovered in the npm package some-theme. Any computer with this package installed or running should be considered fully compromised. All secrets and keys must be rotated immediately from a different computer.

    npmCompromised package
  2. containedcritical

    Malware in anthropic-toolkit

    Malware was discovered in the npm package anthropic-toolkit. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  3. containedcritical

    Malware in brunomenozzi-test-pkg

    Malware was discovered in the npm package brunomenozzi-test-pkg. Systems with this package installed or running should be considered fully compromised and require immediate remediation.

    npmCompromised package
  4. resolvedcritical

    Malware in harmony-enablers-test-2026

    Malware was discovered in the npm package harmony-enablers-test-2026. Systems with this package installed or running should be considered fully compromised, requiring immediate rotation of all secrets and keys from a separate computer.

    npmCompromised package