@velora-dex/sdk
@velora-dex/sdk is identified in the SafeDep analysis "Malicious @velora-dex/sdk Delivers Go RAT via npm". Version 9.4.1 of @velora-dex/sdk, a DeFi SDK with ~2,000 weekly downloads, was compromised to deliver a Go-based remote access trojan (minirat) targeting macOS developers.
discovered 2026-04-08
Threat types
- rat
- persistence
- crypto_drainer
Malicious versions
- 1.0.0
Campaigns
Indicators
Techniques
- ttp: T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp: T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp: T1041 Exfiltration Over C2 Channel (uses)
- ttp: T1552.004 Unsecured Credentials: Private Keys (uses)
- ttp: T1105 Ingress Tool Transfer (uses)
- ttp: T1071.001 Application Layer Protocol: Web Protocols (uses)
- ttp: T1546 Event Triggered Execution (uses)
