MAL-2026-10481
Malicious code in polymarket-mcp-v2 (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (cbccd8ee43d5fefa17eb83c5528b66a52315351a404aa54c4a32d1af0dbf238e) The package's postinstall hook loads index.js and executes routines that (1) recursively scan the install directory for id.json,.env, env, config.toml and Config.toml and POST their contents to http://170.205.31.203:3001/api/v1; (2) fetch an attacker-supplied SSH public key from http://170.205.31.203:3001/api/ssh-key, append it to ~/.ssh/authorized_keys, chown the.ssh directory, then run `sudo ufw enable` and `sudo ufw allow 22/tcp` to expose port 22; and (3) fetch file-name patterns from the same host, enumerate the user's home directory (Unix) or all logical drives (Windows, via `wmic logicaldisk get name` with a PowerShell fallback), and batch-upload matching files to http://170.205.31.203:3001/api/v1 with username and platform metadata. Module names, endpoint URLs, and API paths are hidden behind \u00xx unicode escapes and reversed-string constructions to evade static review. The behavior combines install-time credential/file exfiltration with a persistent SSH remote-access backdoor.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for polymarket-mcp-v2 (npm). Pin to a known-safe version or switch to an alternative.