MAL-2025-191168

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/vscode:open-vsx.org/sissel.shopify-liquid/MAL-2025-191168.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191168
Published
2025-11-19T05:55:49Z
Modified
2025-11-26T00:13:27.362761Z
Summary
Malicious code in sissel.shopify-liquid (VSCode:https://open-vsx.org)
Details

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (8174c373fd818eb48388777436e30f84dcf0846593fcbddc3e73f898858a4317)

This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency wallets. The extension also provides remote access and attempts to propagate itself.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "4.0.1"
            ],
            "sha256": "8174c373fd818eb48388777436e30f84dcf0846593fcbddc3e73f898858a4317",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "modified_time": "2025-11-19T05:55:49Z",
            "source": "google-open-source-security",
            "import_time": "2025-11-19T05:56:22.767318Z"
        }
    ],
    "iocs": {
        "ips": [
            "217.69.3.218",
            "199.247.10.166"
        ],
        "urls": [
            "http://140.82.52.31:80/wall",
            "http://199.247.13.106:80/wall",
            "https://calendar.app.google/M2ZCvM8ULL56PD1d6",
            "http://217.69.3.218/qQD%2FJoi3WCWSk8ggGHiTdg%3D%3D",
            "http://217.69.3.218/get_arhive_npm/",
            "http://217.69.3.218/get_zombi_payload/qQD%2FJoi3WCWSk8ggGHiTdg%3D%3D"
        ]
    }
}
References

Affected packages

VSCode:https://open-vsx.org / sissel.shopify-liquid

Package

Name
sissel.shopify-liquid

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*
4.0.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/vscode:open-vsx.org/sissel.shopify-liquid/MAL-2025-191168.json"