Skip to content

Latest commit

 

History

History
11 lines (6 loc) · 1006 Bytes

README.md

File metadata and controls

11 lines (6 loc) · 1006 Bytes

illustration

RED-LILI is a software supply chain threat actor which has published over 1500 malicious packages. As Checkmarx uncovered, this attacker has demonstrated new techniques that power him with automated NPM account creation.

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

Visit https://red-lili.info

Sample files

The original package evidence sample files as they were originally published to NPM included with related metadata are available in the ./samples directory. Make sure to read the README.md file before usage.