Skip to content
supplychainattack.orgSupply chain attack incident catalog
containedcritical

Malware in theta-sdk

The npm package theta-sdk was compromised and distributed with malware. Any system with the package installed or running should be considered fully compromised.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with theta-sdk installed or running
Ecosystems
npm
Attack vectors
Compromised package
Affected entities
  • theta-sdknpm package containing malware

The npm package theta-sdk was found to contain malware. According to the GitHub Advisory (GHSA-x7m6-5hw9-gj7f), any computer that has this package installed or running should be considered fully compromised.\n\nImmediate action is required: all secrets and keys stored on affected computers should be rotated immediately from a different, unaffected computer. While the package should be removed, there is no guarantee that removal will eliminate all malicious software that may have been installed as a result of the compromise.\n\nThe advisory was published on 2026-06-11 via the GitHub Advisory Database.

Indicators of compromise

Packages
  • theta-sdk

Remediation

  • Immediately rotate all secrets and keys stored on affected computers from a different, unaffected computer
  • Remove the theta-sdk package from all systems
  • Assume full system compromise and conduct forensic analysis
  • Monitor affected systems for signs of persistent malware or unauthorized access
  • Review system logs and network traffic for indicators of compromise

Sources

  1. GitHub Advisory GHSA-x7m6-5hw9-gj7f · GitHub Advisory Database

Cite this entry

"Malware in theta-sdk." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 11, 2026; last updated June 11, 2026. https://supplychainattack.org/incident/malware-in-theta-sdk-h6eiek

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

Related incidents

  1. activecritical

    Malware in um4r719-baileys

    The npm package um4r719-baileys contains malware that grants full control of affected systems. Any computer with this package installed should be considered fully compromised and all secrets and keys should be rotated immediately from a different machine.

    npmCompromised package
  2. activecritical

    Malware in ecto-flag-read-m7p2

    The npm package ecto-flag-read-m7p2 contains malware that grants full system compromise to an outside entity. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  3. activecritical

    Malware in ecto-spirit-win-k4n8

    Malware discovered in the npm package ecto-spirit-win-k4n8. Systems with this package installed are considered fully compromised and require immediate remediation.

    npmCompromised package
  4. activecritical

    Malware in transportator

    The npm package transportator contains malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised and all secrets and keys rotated immediately from a different machine.

    npmCompromised package