MAL-2026-10129
Malicious code in rtc-integration-frontend-sdk (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (acfd49527fb8be1135feb424b68f6c46779ba146d8372d276eac1735770d6e5a) rtc-integration-frontend-sdk@99.9.0 registers a postinstall lifecycle hook ("postinstall": "node index.js") that fires automatically on npm install. index.js collects installer host reconnaissance — os.hostname(), userInfo().username, platform/arch, local network interface addresses, the public IP resolved via a call to https://api.ipify.org, the current working directory, and the package name — and POSTs the collected data to a hardcoded Discord webhook at discord.com/api/webhooks/. The package name and 99.9.0 version shape are consistent with a typosquat/version-bump lure; installing the package causes unconditional install-time exfiltration of host identifiers to an attacker-controlled endpoint.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for rtc-integration-frontend-sdk (npm). Pin to a known-safe version or switch to an alternative.