Last active
September 9, 2025 10:33
-
-
Save mnordin/0c17666ce7993f6e90705771b88ffd5c to your computer and use it in GitHub Desktop.
npm debug malware check for MacOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install ripgrep (optional, but way faster) | |
| brew install ripgrep | |
| # Use grep f you do not have ripgrep. This will take some time. | |
| cd / && sudo grep -nr '_0x124ed3' 2>&1 | grep -v "Operation not permitted" | |
| # You will get a bunch of permission errors, these are expected | |
| # Filter them out by |grep -v "Operation not permitted" | |
| # Check for keyword match for the malware in all js files on your computer | |
| cd / && sudo rg -u --max-columns=80 _0x112fa8 --glob '*.js' 2>&1 | grep -v "Operation not permitted" | |
| # If you have matches, you may have been compromised 😢 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment