Malicious Package in github.com/ordinarymea/tnsr_ids

Q: How to fix?

Avoid using all malicious instances of the github.com/ordinarymea/tnsr_ids package.

Threat Intelligence

Attacked

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-GOLANG-GITHUBCOMORDINARYMEATNSRIDS-11951444
published17 Aug 2025
disclosed14 Aug 2025
creditOlivia Brown

Report a new vulnerability Found a mistake?

Introduced: 14 Aug 2025

New Malicious CWE-506 (opens in a new tab)

How to fix?

Avoid using all malicious instances of the github.com/ordinarymea/tnsr_ids package.

Overview

github.com/ordinarymea/tnsr_ids is a malicious package. This package contains malicious code designed to provide attackers with on-demand remote access to a developer's system or CI/CD environment. The package and some other variants use typosquatting to imitate legitimate packages. Upon installation, the code silently executes a shell command to download a second-stage payload from a remote command-and-control (C2) server. This payload is then executed in memory, giving the attacker control over the compromised system.

References

The Hacker News Article

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Malicious Package Affecting github.com/ordinarymea/tnsr_ids package, versions *

Severity