Skip to content
supplychainattack.orgSupply chain attack incident catalog
activecritical

Malware in new-solt-1

Malware discovered in the npm package new-solt-1. Systems with this package installed or running are considered fully compromised and require immediate remediation.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with the package installed or running
Ecosystems
npm
Attack vectors
Compromised package
Affected entities
  • new-solt-1

A malicious npm package named new-solt-1 has been identified and published to the npm registry. The package contains malware that grants full control of affected systems to an outside entity.\n\nAny computer with this package installed or running should be considered fully compromised. The advisory recommends immediate rotation of all secrets and keys from a different, unaffected computer. While the package should be removed, complete removal of all malicious software cannot be guaranteed due to the level of system compromise.\n\nThis incident was disclosed via GitHub Advisory GHSA-9jrq-rph3-6qqm on 2026-06-23.

Indicators of compromise

Packages
  • new-solt-1

Remediation

  • Immediately identify all systems with new-solt-1 installed or running
  • Rotate all secrets, keys, and credentials from a different, unaffected computer
  • Remove the new-solt-1 package from all affected systems
  • Perform comprehensive security audit and malware scanning on all affected systems
  • Consider full system rebuild or replacement if compromise is confirmed
  • Monitor affected systems for signs of persistent malware or unauthorized access

Sources

  1. GitHub Advisory GHSA-9jrq-rph3-6qqm · GitHub Advisory Database

Cite this entry

"Malware in new-solt-1." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 23, 2026; last updated June 23, 2026. https://supplychainattack.org/incident/malware-in-new-solt-1-5b5t9h

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

Related incidents

  1. containedcritical

    Malware in crud-respect

    The npm package crud-respect was found to contain malware. Any computer with this package installed or running should be considered fully compromised. All secrets and keys must be rotated from a different computer.

    npmCompromised package
  2. activecritical

    Malware in chai-as-attested

    The npm package chai-as-attested contains malware that provides full system compromise to attackers. Any computer with this package installed should be considered fully compromised and all secrets and keys should be rotated immediately from a different machine.

    npmCompromised package
  3. resolvedcritical

    Malware in eslint-helper-1

    Malware was discovered in the npm package eslint-helper-1, resulting in full system compromise for any computer with the package installed or running. All secrets and keys on affected systems should be rotated immediately from a different computer.

    npmCompromised package
  4. activecritical

    Malware in onboarding-respects-modal

    Malware discovered in the npm package onboarding-respects-modal. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package