<p>Avoid using all malicious instances of the <code>Sys.Forms.26</code> package.</p>

Malicious Package Affecting sys.forms.26 package, versions [0,]

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DOTNET-SYSFORMS26-3370723
published 24 Mar 2023
disclosed 24 Mar 2023
credit JFrog

Report a new vulnerability Found a mistake?

Introduced: 24 Mar 2023

Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using all malicious instances of the Sys.Forms.26 package.

Overview

Sys.Forms.26 is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it.

It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed.

Indicators of compromise:

https[:]//discord[.]com/api/webhooks/1076330498026115102/MLkgrUiivlgAoFWyvkSpLsBE3DMaDZd9cxPK3k9XQPyh6dw55jktV6qfDgxbs5AaY7Py

62[.]182[.]84[.]61
194[.]233[.]93[.]50
195[.]58[.]39[.]167
https[:]//paste[.]bingner[.]com/paste/xden6/raw
Squirrel-2021\Updater[.]exe

References

JFrog Blog