TI Mindmap HUB
Threat Intelligence Report

Velora (formerly ParaSwap) SDK Version 9.4.1 Compromised And Installing Malware

๐Ÿ“… April 8, 2026 ๐Ÿ“ฐ opensourcemalware.com ๐Ÿ” 0 CVE(s) referenced

A targeted supply chain attack compromised only version 9.4.1 of the popular @velora-dex/sdk npm package, causing it to silently download and execute malware on import, granting attackers full code execution and threatening sensitive cryptocurrency infrastructure.

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle