GSTJ

#!/bin/bash
# NPM Supply Chain Malware Detection Script (Cross-Chain TxDataHiding / OmniStealer)
# Reference: https://ransom-isac.org/blog/cross-chain-txdatahiding-crypto-heist-part-2/
# YARA Rules: Actor_APT_DPRK_Unknown_MAL (Ransom-ISAC)
# Detects malware variant that spreads via compromised npm packages
# Usage: ./detect-infection.sh

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'

GSTJ

#!/bin/bash
# NPM Supply Chain Malware Detection Script
# Detects malware variant that spreads via compromised npm packages
# Targets: tailwind.config.ts, next.config.ts, and similar config files
# IOCs: Blockchain C2 (Tron, Aptos, BSC), hidden ~/.node_modules persistence
# Usage: ./detect-infection.sh

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'