Malicious Package Affecting tailwindcss-csstree package, versions *
Threat Intelligence
Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JS-TAILWINDCSSCSSTREE-14152329
- published1 Dec 2025
- disclosed30 Nov 2025
- creditKirill Boychenko
Introduced: 30 Nov 2025
New Malicious CVE NOT AVAILABLE CWE-506 (opens in a new tab)How to fix?
Avoid using all malicious instances of the tailwindcss-csstree package.
Overview
tailwindcss-csstree is a malicious package.
This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once installed, the package acts as a loader for the OtterCookie malware, which connects to a remote server to download and execute a payload granting the attackers full remote access to the victim's system. This malware is designed to steal cryptocurrency wallets, log keystrokes, capture screenshots, and exfiltrate sensitive credentials and files.