Skip to content

Duplicate Advisory: Malware in color-string

Malware Published Sep 8, 2025 to the GitHub Advisory Database • Updated Sep 15, 2025
Withdrawn This advisory was withdrawn on Sep 15, 2025

Package

npm color-string (npm)

Affected versions

= 2.1.1

Patched versions

None

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-286p-vc9p-p5qv. This link is maintained to preserve external references.

Original Description

Any computer that has this package installed or running should be considered affected by a browser-based interceptor that hijacks network traffic and application APIs. The interceptor injects itself into functions related to web traffic and cryptocurrency wallets. The interceptor replaces values such as wallet addresses in transaction payloads and modifies the UI to hide its activity.

References

Published to the GitHub Advisory Database Sep 8, 2025
Reviewed Sep 8, 2025
Withdrawn Sep 15, 2025
Last updated Sep 15, 2025

EPSS score

Weaknesses

Embedded Malicious Code

The product contains code that appears to be malicious in nature. Learn more on MITRE.

GHSA ID

GHSA-3q87-f72r-3gm6

Source code

No known source code
Improvements are not currently accepted on this advisory because this package is malware and has no patched versions. If there is something to change, please open an issue at https://github.com/github/advisory-database/issues.